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Your  Take:  Toward  a  unified  front 

Unified  communications  technology  has  helped  Bryan  Larrieu  cut  costs,  streamline  communications 
and  generate  cooperative  thinking  at  healthcare  services  provider  Alere.  And  over  at  SugarCRM  Lila 
Tretikov  relies  on  a  set  of  open  communications  tools  as  the  foundation  of  company  —  and  customer 
—  communications.  Page  36. 


IP  call  center 
integration 

The  university's  dis¬ 
parate  infrastructure 
made  for  a  complex 
project.  Page  12. 

Microsoft  lays  out 
SQL  Server  plans 

SQL  Server  2008  has 
some  lofty  goals, 
including  simplifying 
complex  business 
intelligence  so  more 
users  can  access 
data  across  dis¬ 
parate  sources  using 
Microsoft’s  Excel  and 
SharePoint  and 
Office  Communica¬ 
tions  Server. 

Page  16. 


Economic  crisis 
cramps  IT  budgets 


BY  DENISE  DUBIE 

Economic  uncertainty  is  driving 
CIOs  to  halt  projects,  freeze  hiring 
and  pile  more  respon¬ 
sibilities  onto  existing 
IT  staff. 

High-tech  has  been 
known  to  weather 
economic  crises  bet¬ 
ter  than  other  indus¬ 
tries,  in  part  because 
of  its  role  as  an  en¬ 
abler  to  businesses. 

The  recent  deluge  of 
financial  failures,  however,  is  caus¬ 
ing  enterprise  IT  executives  to  re¬ 
think  expenditures  over  the  com¬ 
ing  months.  For  instance,  a  CIO 
Executive  Board  survey  of  50  IT 
leaders  in  September  revealed 
that  61%  are  reevaluating  2009 
budget  plans,  59%  are  putting 


nonessential  IT  projects  on  hold, 
and  24%  have  introduced  a  hiring 
freeze  in  IT. 

“For  the  average 
company  the  trend  is 
a  lot  of  caution  going 
forward. There  is  too 
much  uncertainty 
around  the  bailout 
and  the  national  elec¬ 
tion  for  IT  leaders  to 
be  confident  in  new 
investments,”  says 
John  Estes,  a  vice 
president  with  IT  staffing  and  con¬ 
sulting  firm  Robert  Half 
Technology 

This  caution  will  translate  into 
more  work  for  network  executives 
—  without  any  wiggle  room  in 
their  budget  or  access  to  more 

See  Crisis,  page  14 


■  Earnings  dis¬ 
appointments, 
IPO  dry  spell 
signal  financial 
problems  for 
the  IT  industry. 
Page  14. 


Mobile  learning 
project  gives 
students  free 
iPhone  or  iPod 

BY  JOHN  COX 


ACU  freshman 
Halie  Davis 
connects  jyith- 
friends,  faculty 


Google,  Microsoft 
spark  interest 
in  modular  data 
centers 

Container- based 
data  centers  are  get¬ 
ting  attention,  though 
some  claim  the 
portable  units  aren't 
the  environmentally 
friendly  alternatives 
they're  cracked  up  to 
be.  Page  24. 


Four  steps  to  application 


■ 


NetForecast  survey  shows  that 
adhering  to  application  perform 
ance  management  (APM)  best 
practices  leads  to  app  happi¬ 
ness.  Page  33 


When  almost  1,000  freshman  students  showed 
up  at  Abilene  Christian  University  on  Aug.  16,  they 
got  something  more  than  the  usual  medical  re¬ 
lease  forms,  parking  permits  and  Welcome  Week 
T-shirts. 

They  got  a  choice  of  a  new  Apple  iPhone  3G  or 
iPod  Touch,  plus  a  package  of  ACU-written  Web 
applications  to  use  on  them. 

The  hardware  is  part  of  the  Texas  university’s 
pilot  mobile-learning  project,  which  has  been 
gestating  for  more  than  a  year.  About  650  first-year 
students  chose  the  iPhone,  and  about  300  the 
iPod  Touch,  which  is  similar  but  doesn’t  have  the 
3G  radio  (both  devices  support  802.1  lg  Wi-Fi). 
ACU  pays  for  the  hardware,  and  students  (or  their 
parents)  select  and  pay  for  their  monthly  AT&T 
service  plan. 

After  just  six  weeks,  the  freshmen  seem  fully 
mobilized. “I  use  it  in  four  of  my  five  classes,”  says 
Halie  Davis,  a  student  from  Rankin,  in  west  Texas, 
who  chose  the  iPhone.  “If  your  teacher  says  ‘get 
out  your  iPhone  and  look  up  a  word,’  you  can  do 
a  Google  search  or  check  Wikipedia  on  the  Inter¬ 
net.  It’s  really  fast.” 

With  their  Apple  devices,  students  also  get  read¬ 
only  mobile  access  to  files  of  all  kinds  stored  on 

See  Texas,  page  48 


Integrate  data  like  never  before, 

SQL  Server  2008  provides  built-in 
data  integration  for  all  data  formats. 

Manage  data  like  never  before. 
New  built-in  data  compression 
helps  you  scale  to  billions  of  rows 
of  data  with  increased  performance, 

Deliver  data  like  never  before. 

SQL  Server  2008  integrates  with 
familiar  Microsoft  Office  applications. 


Turn  your  company's  data  into 

a  new  form  of  energy. 

Introducing  Microsoft*  SQL  Server*  2008.  Harness  the  power  of  the  data 
explosion. The  number  of  data  formats  you  have  to  deal  with,  along  with  the 
sheer  volume  of  data,  has  exploded  in  the  last  few  years.  With  new  SQL 
Server  2008,  you  can  harness  the  untapped  power  of  that  data  explosion  by 
integrating,  managing,  and  delivering  that  power  for  your  end  users  like  never 
before.  See  the  power  you  can  give  end  users  at  SQLServerEnergy.com 

Microsoft 

4)  SQL  Server  2008 


IT  drives  your  business.  So  naturally,  it  consumes  your  thoughts.  Customers,  on  the  other  hand,  shouldn't  need  to 
think  about  it  at  all.  They  just  expect  great  service.  Our  approach  to  Business  Service  Management  helps  ensure  they 
get  it,  by  managing  IT  services  based  on  their  impact  to  your  business.  That  way,  with  your  service  commitments 
fully  in  sync  with  your  business  demands,  you’ll  be  able  to  give  your  customers  that  most  coveted  and  elusive  of  all 
service  experiences:  complete  satisfaction.  Of  course,  we’ll  know  the  source  of  that  satisfaction  is  really  your  very 
own  IT  department.  Learn  more  and  get  the  latest  white  papers  at  ca.com/bsm. 


CA  World  2008:  November  16-20 

Register  at  caworld.com 
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COOLTOOLS 

■  The  Siingbox 
Pro-HD  connects 
to  a  TV  or  home 
network  so  you 
can  stream  TV 
content  across 
the  LAN  or  Inter¬ 
net.  See  Cool 
Tools,  page  32. 
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30  Anatomy  of  a  SQL-injection  attack. 

32  Mark  Gibbs:  Backup  DVDs  that  find 
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32  Keith  Shaw:  Accessing  HD  content 
from  anywhere. 
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Four  steps  to  application 


Survey  shows  that  adhering 
to  application  performance 
management  (APM)  best 
practices  can  lead  to  app 
happiness.  Page  33 


GOODBADUGLY 

Firefox  saves  the  day 

A  popular  free  secu¬ 
rity  tool  for  Mozilla’s 
Firefox  browser  has 
been  upgraded  to 
block  one  of  the 
most  dangerous  and 
troubling  security  prob 
lems  facing  the  Web 
today.  NoScript  is  a  small 
application  that  inte¬ 
grates  with  Firefox.  It 
blocks  scripts  from  exe¬ 
cuting  on  untrusted  Web 
pages. The  scripts  could 
be  used  to  launch  an 
attack  on  a  PC. 

AMD’s  ‘splitting’  headache 

Coming  off  seven  straight  quarters  of 
losses,  Advanced  Micro  Devices  plans 
to  split  into  two  companies,  one  to 
design  chips  and  one  to  make  them, 
while  two  investment  funds  owned  by 
the  government  of  Abu  Dhabi  will  con¬ 
tribute  new  capital.  AMD  hopes  the 
move  will  give  it  the  resources  it  needs 
to  compete  better  with  Intel,  which 
dominates  the  microprocessor  industry. 

Man  indicted  for  hacking  Palin’s 
e-mail 

A  20-year-old  Tennessee  man  has  been 
indicted  for  hacking  into  an  e-mail 
account  of  U.S.  vice  presidential  candi¬ 
date  Sarah  Palin,  according  to  court 
records.  David  C.  Kernell  was  indicted 
lastTuesday  by  a  grand  jury  in  the  U.S. 
District  Court  for  the  Eastern  District 
ofTennessee  on  a  single  charge  of 
accessing  a  protected  computer.The 
indictment  carries  a  maximum  sen¬ 
tence  of  five  years  in  prison  and  a 
$250,000  fine.  Kernell  pleaded  not  guilty. 


IT  Roadmap: 

Security  and  compliance 

Today’s  hyperconnected  enterprises 
require  technologies,  strategies  and 
architectures  not  even  imagined  in  the 
wired  world,  learn  more  about  an 
always-on  defense  that’s  active,  re¬ 
sponsive,  realistic  and  fully  compliant. 
Attend  IT  Roadmap:  Washington,  D.C., 
on  Dec.  16.  Qualify  to  attend  free  at: 
www.nwdocfinder.com/6821 


PEERSAY 


Editor's  note:  Mark  Gibbs'  column  on  the 
Sarah  Palin  e-mail  breach  —  and  the  results  of 
an  online  poll  showing  36%  of  network- 
world,  com  visitors  thought  it  could  be  justified 
(www.  nwdocfinder.com/ 7022)  —  generated 
considerable  discussion.  Here  are  some  com¬ 
ments.  Read  more  and  jump  into  the  discussion 
at  www. nwdocfinder.com/ 7023. 

Like  you,  I  was  shocked  (appalled?)  to  see 
36%  of  respondents  affirm  that  acquiring 
access  to  Sarah  Palin’s  private  e-mail  without 
her  permission  could 
be“justified.”The  argu¬ 
ments  of  some  of 
these  persons  were 
no  more  rational  than 
saying  it  would  be 
ethical  to  take  money 
from  your  mother’s 
purse  because  she 
naively  leaves  it  lying 
in  her  bedroom  when 
people  come  to  visit. 

The  ethical  thing  to 
do  would  be  to  bring 
her  carelessness  to 
her  attention  and 
offer  to  help  her  correct  it. 

I  sincerely  hope  this  36%  does  not  reflect  the 
number  of  unethical  —  or  irrational  —  per¬ 
sons  in  our  industry. 

Richard  Whiting 

It’s  really  very  simple  —  IT  professionals  are 
human,  too.  It’s  wrong  to  want  a  little  illegal 
revenge  (especially  in  a  matter  of  professional 
trust)  but  understandable. The  use  of  outside, 
consumer  e-mail  could  be  an  honest  attempt 
to  separate  public  service  from  private  and 
party  communications.  It’s  also  possible  that 
President  Bush  will  wear  a  pink  tutu  at  his  next 
press  conference.  Doesn’t  matter,  it’s  still 
wrong.  If  she  is  involved  in  illegal  or  unethical 
activities  they  will  come  to  light  soon  enough. 

Of  course,  the  core  feeling  is  frustration.  Bush 
has  been  hiding  behind  one  tissue  paper  of 
plausibility  after  another  and  he’s  hardly  the 
only  one.  When  the  new  gal  in  town  appears 
to  be  pulling  the  same  stuff  after  stonewalling 


a  serious  investigation  into  potential  criminal 
activity  (her  own)  it’s  hard  to  remember  that 
she  still  deserves  the  same  constitutional  pro¬ 
tection  that  everyone  does.Yes,  I  know  she  sup¬ 
ports  a  president  who  thinks  the  Bill  of  Rights 
is  a  rather  dated  document. Still  doesn’t  matter. 
If  freedom  and  democracy  are  to  mean  any¬ 
thing  we  have  to  give  our  enemies  the  same 
presumption  of  innocence,  the  same  protec¬ 
tions  we  would  grant  ourselves.  If  we  don’t  we 
are  no  better  than,  well,  our  president. 

Randy  Grein 

It’s  real  scary  that 
this  many  people  in 
the  IT  world  have  no 
ethics.  I’m  sure  they 
must  daily  use  their  IT 
resources  to  spy  on 
their  co-workers  and 
company  and  some¬ 
how  think  that  their 
behavior  is  justified. 

My  daughter  had 
her  Yahoo  e-mail 
hijacked  by  a  “friend” 
a  couple  of  years  ago 
using  the  exact  same 
method  you  described.  A  lot  of  damage  can 
be  done  when  someone  starts  sending  email 
using  your  account,  needless  to  say  I  was  able 
to  close  her  account  and  set  up  one  on  Gmail. 
End  of  problem.  Yahoo’s  lost  password  feature 
is  less  than  worthless  and  should  have  been 
changed  years  ago.  It’s  obvious  that  they  did¬ 
n’t  listen  to  me. 

Mike  Ullman 

1,  too,  was  stunned  by  the  NW  poll  numbers 
(and  others)  that  showed  so  many  IT  profes¬ 
sionals  legitimizing  the  violation  of  her  e-mail 
account.  Sadly  I  think  the  numbers  would 
have  been  even  higher  had  there  been  any¬ 
thing  politically  titillating  in  her  account.  Such 
is  the  antagonism  of  this  year’s  political  sea¬ 
son.  (Of  course,  I  did  have  to  use  my  personal 
Yahoo  mail  account,  in  order  to  comply  with 
my  employer’s  security  policy,  but  that  is  for 
another  article.) 

Ken  Moss 


felt’s  real  scary  that  this 
many  people  in  the  IT  world 
have  no  ethics.  I’m  sure  they 
must  daily  use  their  IT 
resources  to  spy  on  their  co¬ 
workers  and  company,  and 
somehow  think  that  their 
behavior  is  justified.55 


►  SPECIAL  NETWORK  WORLD  FEATURE 


SCAN  THIS  CODE 
with  your  cell 
phone  to  get  the 
latest  IT  network 
news  delivered  to 
your  cellular 
device. 


■  ■  ■ 

■■  ■■■  ■ 

■■■  ■  ■■■ 
■  ■■ 

■■■  ■■■ 
■■■  ■■■  ■ 
■  ■  ■■■ 


■  ■■ 


■  ■■■  ■ 


To  get  the  client 

software,  use  your  phone  browser  to 
visit  wap.connexto.com 


For  more  information  on  code  scanning 
see  www.nww.com/codescan 


an 


I  used  to  work  in  the  clandestine  business  of 
electronic  snooping.  In  that  field,  the  only  rule 
is  sender  and  receiver  beware.  Any  action, 
short  of  killing,  was  considered  OK.  Then 
came  Watergate  and  the  laws  (observed  only 
by  some  U.S.  government  agencies)  against 
“evesdropping”  on  U.S.  citizens.  Now,  it  would 
appear,  we  observe  the  open  warfare  attitude 
that  “the  ends  justify  the  means,”  particularly 
when  it  comes  to  attacking  some  political  can¬ 
didates. 

Steve  Jones 

E-mail  letters  to  jdix@nww.com  or  send  them 
to  John  Dix,  editor  in  chief,  Network  World,  492 
Old  Connecticut  Path,  Framingham,  MA  01 701- 
9002.  Please  include  phone  number  and  address 
for  verification. 
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The  new  SonicWALL  NSA  240  next  generation  firewall  delivers  600  Mbps1  in  network  throughput,  more  than 
three  times  the  performance  of  similarly  priced  Fortinet ,  Juniper  ,  Check  Point ,  WatchGuard  and  Cisco  devices /  •  V' 


FINALLY,  THE  NEXT  GENERATION  FIREWALL  THAT  CAN  GIVE  YOU  FULL 
NETWORK  PROTECTION  WITHOUT  COMPROMISING  PERFORMANCE. 


SO  MUCH  FOR  THE  STATUS  QUO 


The  award-winning  SonicWALL  Network 
Security  Appliance  (NSA)  Series  Is  the  first 
to  use  a  Reassembly-free  Deep  Packet 
Inspection  (RFDPI)  engine  in  combination 
with  a  multi-core  specialized  security 
microprocessor  to  deliver  gateway  anti¬ 
virus,  anti-spyware  and  intrusion  prevention 
at  gigabit  speed.  Now  you  don’t  have  to 
compromise  Security  in  exchange  for  network 
throughput.  Whether  you’re  running  a  small 
business  or  a  complex  enterprise,  the  newly 
expanded  NSA  Series  has  the  right  solution 
for  your  network  security  needs.  In  addition 
to  the  enterprise  ready  E-Class  NSA  Series, 
SonicWALL  is  introducing  the  new  NSA  240  for 
branch  offices  and  the  SMB.  The  NSA  Series 
has  the  enterprise-class  features  you’d 
expect  including  Application  Firewall, 
state  sync,  and  single  sign-on.  And  it 
combines  with  the  SonicWALL  Global 
Management  System  to  centrally  manage 
thousands  of  appliances.  Reliable,  multi¬ 
functional  threat  protection  now  comes  in  one 


SONICWALL 


NETWORK 

SECURITY 


PROTECTION  AT  THE  SPEED  OF  BUSINESS 


NETWORKWORLD.COM 

■  Follow  these  links  to  more  resources  online 


I BL0G08PHERE 


■  Fractals  and  network  security. 

Richard  Stiennon  writes  in  his  Stiennon  on 
Security  blog,  "Networks  are  fractals.  On  a 
large  scale  they  are  represented  by  simple 
assumptions:  outside  and  inside,  the 
Internet  versus  the  corporate  network.  As 
you  get  more  granular  you  see  the  remote 
offices,  home  users,  and  mobile  devices. You 
even  get  granular  differences  based  on  pro¬ 
tocol:  Skype  yes,  BitTorrent,  no.  Yes  it  is 
complicated.  Yes  it  is  difficult  to  protect.  But 
it  is  your  network,  your  assets,  your  busi¬ 
ness.  You  have  to  protect  the  network  so  you 
have  to  defend  your  perimeter.  You  cannot 
invest  the  type  of  money  it  would  take  to 
protect  every  endpoint,  application,  data¬ 
base,  and  user  from  every  attack.  It  is  a 
costly  mistake  to  buy  into  deperimeteriza- 
tion."  www.nwdocfinder.com/7027 

■  Five  things  the  BlackBerry  Storm  got 
right  that  the  iPhone  didn’t.  Mitchell 
Ashley  writes:  “First,  be  a  great  phone  and  e- 
mail  device.  That's  what  Smartphones  are 
supposed  to  do.  The  two  fundamental  killer 
apps  for  any  Smartphone  are  first  being  a 
great  phone  and  second  being  a  great  e-mail 
device.  BlackBerry  has  an  excellent  track 
record  of  succeeding  at  both.  I'll  use  my 
BlackBerry  World  Edition  8830  as  an  example. 
Phone  quality  is  top  rate.  It’s  simply  an  excel¬ 
lent  phone,  whether  you  are  talking  phone 
quality  or  the  software  user  interface  of  the 
BlackBerry.  I  never  have  complaints  about 
call  quality  and  don’t  suffer  many  dropped 
calls.”  www.nwdocfinder.com/7028 

■  Gender  gap  continues  in  IT,  telecom. 

Matthew  Nickasch  writes:  “I  had  the  oppor¬ 
tunity  to  discuss  the  issue  of  self  efficacy 
with  several  of  my  female  colleagues  in  an 
MIS  environment.  Almost  all  of  the  discus¬ 
sions  about  resistance  towards  an  MIS 
career  surrounded  this  inaccuracy.” 
www.nwdocfinder.com/7029 

■  CCDE  Practical  Beta  needs  some 
work.  Michael  J.  Morris  writes:  “I'm  sure  the 
goal  of  some  of  the  questions  was  to  be 
ambiguous  to  make  you  think  and  research 
the  documents  more,  but  some  could  easily 
be  interpreted  in  two  different  ways,  leading 
to  correct,  yet  wrong  answers.  Cisco  has 
noted  in  the  past  that,  in  some  places,  there 
are  multiple  right  answers.  Some  right  solu¬ 
tions  might  be  worth  more  points  than  other 
right  solutions.  Still,  I  think  this  needs  to  be 
cleaned  up  a  bit  more.The  questions  need  to 
be  easily  understandable  so  as  to  put  the 
tester  on  the  right  path,  even  if  they  choose  a 
slightly  different  solution  for  partial  points." 
www.nwdocfinder.com/  7029 


Out  of  your  ear 
headphones 

Earbud  headphones 
are  great,  but  make  it 
hard  to  hear  the  sur¬ 
rounding  world.  Keith 
Shaw  tries  out  two 
headphones  that  de¬ 
liver  your  music  with¬ 
out  plugging  your  ears. 

www.nwdocfmder.com/7032 


Physical  security 
enhanced  by  nets 

How  physical  security 
systems  — cameras, 
sensors  and  communi¬ 
cations  gear —  can  be 
meshed  into  a  cohesive 
monitoring  system 
using  networking  and 
software. 

www.nwdocfinder.com/7033 


Toshiba  readies 
fuel  cell 


Toshiba  is  close  to 
launching  its  first  com¬ 
mercial  direct-methanol 
fuel-cell,  a  device  that 
produces  electricity 
from  a  reaction 
between  methanol, 
water  and  air. 


www.nwdocfinder.com/7034  ) 
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Barbarians  at  the  gate? 
Not  with  this  Web  gateway 


Tech  exec:  According  to  Gartner, “The 
Internet  and  Internet  applications  will  be  the 
primary  sources  of  malware  infections  in  the 
enterprise  in  2008  and  beyond.  However,  most 
organizations  do  not  effectively  filter  malware 
from  Web  traffic.  Detecting  and  preventing 
malware  infections  will  increasingly  require  a 
network  gateway  at  the  Internet  edge.”  1  don’t 
know  if  John  Boline  read  that  statement  from 
Gartner  before  he  went  looking  for  a  Web 
gateway  product.  Probably  not.  But  Boline  did 
start  shopping  for  a  solution  after  his  com¬ 
pany  had  a  couple  of  events  that  let  the  IT 
department  know  it  had  a  problem.  Boline  is 
a  service  manager  at  Hagerman  &  Company,  a 
provider  of  CAD/CAM  products  and  services. 
Hagerman  is  headquartered  in  Illinois  and 
has  offices  in  18  other  U.S.cities.The  com¬ 
pany  runs  all  Internet  access  from  its  branch¬ 
es  through  the  corporate  office.  About  a  year 
ago,  some  employees  were  downloading  work 
materials  off  a  legitimate  Web  site  that  just 
happened  to  be  infected  with  malware. 

Before  long,  local  PCs  at  Hagerman  were  also 
infected  and  started  serving  up  undesirable 
content.The  devices  had  to  be  cleaned  manu¬ 
ally.  This  sort  of  incident  kept  repeating  itself. 
Boline  says  the  company  suffered  a  rate  of 


malware  infection  of  about  one  machine 
every  week.The  time  and  effort  to  clean  these 
PCs  was  growing.  He  resolved  to  find  a  solu¬ 
tion  that  would  stop  the  malware  from  enter¬ 
ing  his  network  at  the  Web  gateway 
www.nwdocfinder.com/7024 

Wireless:  The  battle  to  woo  you  to  a  particu¬ 
lar  wireless  camp  has  heated  up  in  the  past 
month. The  first  U.S.  mobile  WiMAX  service 
went  live  last  week,  just  as  devices  with 
embedded  connections  to  worldwide  High- 
Speed  Packet  Access  (HSPA)  3G  services 
began  being  aggressively  marketed  by  the 
GSM  Association.  In  the  meantime,  integrated, 
flat-rate  global  Wi-Fi  voice  and  data  service 
packages  have  also  become  available. 

The  U.S.  gained  a  commercial  mobile  WiMAX 
service  in  Baltimore  from  Sprint  Nextel’s 
Xohm  business  unit,  with  Washington,  D.C., 
with  Chicago  to  follow  by  year-end.  Sprint  and 
its  joint-venture  partner  Clearwire  expect  to 
cover  the  top  100  U.S.  markets  with  mobile 
WiMAX  service  by  late  20 10.  Worldwide,  there 
are  more  than  407  commercial  WiMAX  ser¬ 
vice  deployments  in  133  countries,  according 
to  the  WiMAX  Forum. 
www.nwdocfinder.com/7026 
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Printing  solutions 

as  easy  as 


Introducing  printers  that  put  you  completely  in  control.  Control  of  your  workflow 
with  web-based  remote  management  and  printer  status  monitoring  systems. 
Control  of 


your  costs  with  a  toner  save  function  and  low  total  cost  of  ownership. 
Control  operations  with  an  intuitive  interface,  simple  jam  recovery,  and  easy-to-use 
animation  based  troubleshooting  guide.  Samsung  printing  solutions  put  control 
where  it  belongs... at  your  fingertips.  For  more  information,  call  1-866-SAM-4BIZ 
or  visit  www.samsung.com/businessprinter 


Control  Workflow 


Control  Costs 


Control  Operations 
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Microsoft  set  to  release 
1 1  security  updates 

This  week  will  be  a  busy  one  for  system  administrators  as  Microsoft  plans  to 
ship  1 1  security  updates  —  four  of  them  rated  critical  —  for  its  products.The 
patches  will  include  fixes  for  critical  security  bugs  in  Windows  Active 
Directory  Internet  Explorer,  Excel  and  the  Microsoft  Host  Integration  Server. There 
also  will  be  six  less-critical  updates  for  Windows,  and  a  “moderate”  patch  for 
Office. This  month’s  Patch  Tuesday  marks  the  debut  of  two  Microsoft  security  ini- 
tiatives:The  Microsoft  Active  Protections  Program  and  the  Exploitability  Index.The 
MAPP  program  gives  security  vendors  an  edge  on  writing  protection  against  new 
attacks  by  offering  them  an  early  peek  at  the  bugs  Microsoft  will  be  patching  each 
month.  The  Exploitability  Index  should  make  it  easier  for  customers  to  decide 
which  patches  to  install  first  by  giving  Windows  users  a  better  idea  of  the  bugs 
Microsoft  finds  most  worrying,  www.nwdocfinder.com/7035 


BlackBerry  Storm  takes  on  iPhone. 

Verizon  last  week  announced  that  it  will  be 
supporting  Research  in  Motion’s  BlackBerry 
Storm  smartphone  on  its  network  in  Novem¬ 
ber.  RIM’s  first  touchscreen  device  can  con¬ 
nect  to  either  EV-DO  Rev.  A  or  HSPA  3G  cellu¬ 
lar  networks  and 
features  1GB  of 
onboard  memory 
storage  and  a 
card  slot  that 
allows  for  as 
much  as  16GB  of 
additional  storage. 
So  how  does 
Verizon’s  Black¬ 
Berry  Storm  offer¬ 
ing  stack  up 
against  AT&T’s 
iPhone  offering? 
Verizon  trumps 
AT&T  in  call  quali¬ 
ty  according  to  industry  surveys,  but  AT&T  has 
a  slight  edge  in  network  coverage.  In  terms  of 
enterprise  features,  the  BlackBerry  still  sets  the 
standard  for  enterprise  wireless  devices  be¬ 
cause  of  its  larger  array  of  security  policies, 
including  the  ability  for  IT  departments  to  dis¬ 
able  its  digital  cameras.  For  more  head-to- 
head  comparisons,  check  out  our  full  cover¬ 
age  online,  www.nwdocfinder.com/7036 

Firefox  for  Mobile  alpha  release  due. 

Mozilla  this  week  is  set  to  unveil  the  alpha 
release  of  its  mobile  Firefox  browser,  code- 
named  Fennec.The  alpha  code  is  aimed  at 
Mozilla  community  members,  specifically  to 
give  the  innovative  touch  user  interface  and 
the  feature  set  a  grueling  workout,  Mozilla 
says. The  alpha  version  supports  fingertip 
touch  interaction,  with  the  browser  designed 
to  use  the  full  device  screen  for  content.  One 
add-on  that  will  soon  be  introduced  is  based 
on  Mozilla’s  Weave  project:  the  goal  is  to  let  a 
user  seamlessly  move  from  desktop  to 


mobile  Firefox.  Initially  the  code  will  only  be 
available  for  Nokia’s  N810  Internet  Tablet.To 
let  more  developers  work  with  the  alpha 
code,  Mozilla  is  considering  a  version  to  run 
on  Windows  PCs. 
www.nwdocfinder.com/7037 

Citigroup  to  sell  off  its  Indian  back- 
office  operations.  Tata  Consultancy  Ser¬ 
vices,  India’s  largest  outsourcer,  has  reached 
an  agreement  to  acquire  Citigroup’s  interest 
in  Citigroup  Global  Services,  its  business 
process  outsourcing  arm  in  India,  for  about 
$505  million.  Under  the  agreement 
announced  last  Wednesday  TCS  will  provide 
$2.5  billion  worth  of  services  to  Citigroup  and 
its  affiliates  over  the  next  nine  and  a  half 
years, TCS  said. The  transaction  is  expected  to 
close  in  the  fourth  quarter  of  this  year.  Citi¬ 
group  Global  Services  has  more  than  12,000 
employees  in  India,  and  is  expecting  revenue 
of  $278  million  this  year.TCS  already  provides 
BPO,  IT  and  related  services  to  Citigroup. 
www.nwdocfinder.com/7038 

IBM  upgrades  top-selling  Unix  server. 

IBM  spruced  up  its  Unix  servers  with  faster 
processors  and  new  management  software, 
targeting  customers  who  want  to  use  its  hard¬ 
ware  for  virtualization  and  server  consolida¬ 
tion. The  Power  570,  IBM’s  top-selling  mid¬ 
range  server,  is  available  with  a  5GHz  Power6 
processor,  which  was  previously  available 
only  in  IBM’s  high-end  Power  595  system.  IBM 
also  doubled  the  maximum  density  for  the 
Power  570,  so  customers  can  put  as  many  as 
eight  4.2GHz  processors  in  each  server  node, 
or  as  many  as  four  5GHz  processors. The 
nodes  can  be  stacked  four  high  for  a  total  of 
32  4.2GHz  processors  in  a  single  box.  In  addi¬ 
tion,  IBM  is  testing  a  new  capability  for  its 
PowerVM  virtualization  software  that  lets 
administrators  share  virtual  system  memory 
between  partitions.  Also  planned  is  a  new  ver¬ 
sion  of  Active  Energy  Manager  that  lets  ad¬ 


ministrators  cap  the  energy  being  used  by  a 
pool  of  servers. 

www.nwdocfinder.com/7039 

Dell  bundles  backup  gear  for  SMBs.  Dell 

is  putting  together  hardware  and  software  for 
backup  and  recovery  in  one  system,  with 
integrated  software,  for  small  and  midsize 
businesses. With  its  PowerVault  DL2000  plat¬ 
form,  which  will  go  on  sale  later  this  month, 
Dell  aims  to  make  it  easier  for  SMBs  and 
branch  offices  with  limited  IT  expertise  to 
centralize  and  automate  their  backups.The 
platform  consists  of  the  DL2000  (a  Windows- 
based  x86  server  running  either  a  Comm- 
Vault  or  a  Symantec  software  stack)  and  a 
Dell  PowerVault  MD1000  disk  array.  As  an 
option,  customers  can  have  a  PowerVault 
TL2000,TL4000  or  ML6000Tape  Library 
added  on  for  long-term  archiving.  The  system 
will  be  put  together  in  the  factory  and 
shipped  as  a  turnkey  solution.  Prices  start 
between  $10,000  and  $15,000. 
www.nwdocfinder.com/7040 

Elite  group  to  study  identity/cybercrime 
issues.  IBM,LexisNexis  and  the  Secret  Service 
are  among  a  group  of  corporations,  govern¬ 
ment  agencies  and  academic  institutions  that 
has  formed  to  study  and  help  solve  identity 
management  challenges  around  cybercrime, 
terrorism  and  narcotics  trafficking.The  Center 
for  Applied  Identity  Management  Research 
will  study  those  issues  and  focus  on  develop¬ 
ing  real-world  tools  and  best-practices  recom¬ 
mendations  to  solve  them.The  nonprofit  re¬ 
search  organization,  which  will  be  headquar¬ 
tered  at  Indiana  University  brings  together  ex¬ 
perts  in  criminal  justice,  financial  crime,  bio¬ 
metrics,  cybercrime,  data  protection,  home¬ 
land  security  and  national  defense.  Gary 
Gordon,  a  senior  scholar  in  identity  manage¬ 
ment  at  Indiana  University  School  of  Law,  will 
be  CAIMR’s  executive  director. 
www.nwdocfinder.com/7041 

Oracle  to  buy  project  management 
player.  Oracle  last  week  said  it  plans  to  buy 
Primavera  Software,  maker  of  project  portfolio 
management  applications.  Along  with  technol¬ 
ogy,  Oracle  stands  to  gain  a  significant  cus¬ 
tomer  base  through  the  upcoming  deal.  Prima- 
vera’s  software  is  being  used  by  375  of  the  top 
400  engineering  companies  and  all  five 
branches  of  the  U.S.  military,  according  to  the 
companies. Terms  of  the  deal,  which  is 
expected  to  close  by  year-end,  were  not  dis¬ 
closed.  While  large  vendors  such  as  CA  and 
IBM  have  offerings  in  the  PPM  arena,  there 
also  are  a  number  of  smaller  vendors,  such  as 
Planview  and  Cardinis.As  for  Primavera,  it  “is 
the  granddaddy  of  project  management,” said 
Forrester  Research  analyst  Ray  Wang.“Every 
major  construction  project,  every  major  road 
project. . .  .This  is  like  an  industry  standard.” 
www.nwdocfinder.com/7042 
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Making  IT  work  as  one.  It's  what  sets  us  apart. 
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Harvard  details  call  center  trek 


BY  TIM  GREENE 

How  do  you  deploy  a  centralized  IP  contact 
center  across  10  different  networks?  This  is  the 
challenge  that  the  telecom  department  of 
Harvard  University  faced  in  2001  when  under¬ 
taking  a  replacement  for  its  existing  system. 

Last  week,  Michael  Rowe,  manager  of  systems 
and  applications  for  Harvard’s  Telecommuni¬ 
cations  Department,  shared  how  the  university 
overhauled  the  call  center  infrastructure  to 
embrace  IP  expand  features  and  keep  costs 
down. 

Because  of  the  complexity  of  the  mission 
and  the  fact  that  no  commercial  call  center 
was  designed  for  such  an  environment,  after 
seven  years  the  project  is  still  a  work  in  pro¬ 
gress,  Rowe  told  the  Association  for  Informa¬ 
tion  Communications  Technology  Profession¬ 
als  in  Higher  Education,  also  known  as  ACUTA. 

No  Harvard  unit  has  a  call  center  in  the  tra¬ 
ditional  business  sense  of  a  roomful  of  agents 
trained  to  handle  similar  calls.  Instead,  the  cen¬ 
ters  consist  of  groups  of  agents  (as  few  as  three 
but  no  more  than  21)  spread  around  Harvard 
facilities  in  Boston  and  Cambridge,  Mass.  The 
goal  was  to  have  a  single  call-distribution 
device  that  could  handle  all  of  them. 

At  the  outset  of  the  project  in  2001 ,  the  phone 
system  was  centralized,  delivered  via  Verizon 
Centrex  over  Primary  Rate  Interface  trunks  to 
30,000  phones.  Call-center  features  also  were 


provided  by  Verizon,  queuing  up  everything 
from  help-desk  calls  to  questions  about  univer¬ 
sity  medical  benefits. 

When  Verizon  decided  to  phase  out  the  ser¬ 
vice,  Harvard  went  looking  for  a  replacement 
that  could  route  calls  to  appropriate  extensions 
as  they  came  in. 

Even  with  the  help  of  a  consultant,  finding 
the  right  product  was  difficult,  Rowe  says. 
After  reviewing  16  RFPs,  the  telecom  team 
chose  six  finalists  to  demonstrate  their  wares. 
The  results  were  dismal:  Only  a  few  managed 
to  get  their  systems  to  work  in  the  university 
environment.  The  team  chose  Customer 
Interaction  Center  (CIC)  from  Interactive 
Intelligence,  because  it  had  more  flexible 
administration  and  allowed  for  expansion  to 
meet  future  demand,  he  says. 

Still,  CIC  wasn’t  ideal.  It  required  adding 
Active  Directory  and  Exchange  servers  to 
the  network.  Initially  Rowe  placed  two 
servers  in  the  Harvard  data  center  where 
they  could  back  each  other  up  automatical¬ 
ly,  but  the  automatic  backup  never  worked 
smoothly.  The  servers  proved  temperamen¬ 
tal,  failing  over  at  the  slightest  glitch  and 
always  requiring  human  intervention,  he 
says.  “The  software  worked  great,  the 
switchover  was  the  problem.  It  was  not  a 
good  solution,”  he  says. 

So,  when  the  telecom  department  moved  to  a 


site  served  by  two  central  offices,  Rowe  saw  it 
as  an  opportunity  to  split  up  the  CIC  servers 
also,  sacrificing  redundancy  but  gaining  diver¬ 
sity  of  routing  that  could  keep  the  university 
supplied  with  service  if  one  central  office 
failed,  he  says. 

CIC  had  other  challenges.lt  was  designed  to 
work  best  when  phones  are  plugged  directly 
into  it.  Because  Harvard  phones  were  on  the 
Centrex  network,  each  had  to  be  treated  as  a 
remote  extension.  That  meant  bridging 
incoming  calls  to  the  agent  extensions,  which 
ate  up  two  PRI  channels  —  one  for  the 
incoming  call  and  one  for  the  bridge  to  the 
right  extension. 

The  software  agents  that  ran  on  agent  work¬ 
stations  were  also  a  bad  fit.  They  required 
upgrading  periodically  and  that  was  a  logistic 
and  administrative  nightmare. The  various  call- 
center-agent  clients  were  dispersed  on  ma¬ 
chines  and  networks  with  different  support 
policies  and  staff. 

To  overcome  this  problem,  Harvard  decided 
to  use  Citrix  Systems  to  get  the  fat-client  CIC 
software  off  agents’ workstations  and  centralize 
the  application.That  involved  installing  a  Citrix 
server  and  learning  to  support  it,  but  the  effort 
was  worth  it  by  eliminating  desktop  mainte¬ 
nance,  he  says. 

By  2007,  maintaining  PRI  cards  on  the  CIC 
server  became  unwieldly  So,  the  university 
installed  AucioCodes  TDM-VoIP  gateways  to 
route  calls  between  the  Centrex  service  and 
the  CIC  servers. 

This  setup  let  Harvard  link  the  CIC  servers  in 
the  two  via  IP  so  they  again  could  back  each 
other  up.  So,  he  now  had  redundant,  backup 
servers  placed  in  separate  locations  to  improve 
survivability  in  a  disaster. 

About  the  same  time  the  university  decided 
it  should  protect  the  Citrix  server  better  and 
make  it  more  robust,  so  it  expanded  the  deploy¬ 
ment.  Citrix  servers  were  placed  in  isolated  net¬ 
work  segments  between  firewalls,  where  they 
provided  access  to  the  CIC  servers.  This 
improved  security  for  the  servers  and  allowed 
support  for  multiple  Citrix  versions.  It  also 
allowed  room  for  growth. 

The  downside  is  that  the  expanded  Citrix 
deployment  is  more  expensive  than  the  single 
server,  and  represents  one  more  technology  to 
manage,  Rowe  says. 

Harvard  recently  installed  an  operator’s 
console  on  the  CIC  platform,  enabling  direc¬ 
tory  search  by  whoever  answers  the  phone. 
The  console  was  released  about  the  same 
time  Harvard  was  looking  for  a  new  directory 
assistance  application,  so  it  was  a  good  fit, 
Rowe  says. 

With  60,000  directory  listings,  the  database 
is  large;  search  was  slow,  but  at  Harvard’s 
request,  Interactive  Intelligence  has  stream¬ 
lined  it  so  a  search  won’t  start  until  a  full 
name  is  entered.  ■ 


How  Harvard  distributes  its  call  centers 

Integrating  Centrex  phones  with  an  IP  call-center  platform  that  serves 
agents  in  Harvard  University’s  small  and  dispersed  call  centers  proved  to 
be  a  challenge.This  diagram  is  a  conceptual  look  at  how  it’s  done. 


Calls  from  outside 
the  university  come 
through  a  Verizon 
Centrex  service  that 
connects  to  the  school 
from  two  central 
offices  to  give  route 
diversity. 

An  AudioCodes  IP 
gateway  routes  calls 
to  the  IP-based 
Interactive  Intelli¬ 
gence  Customer 
Interaction  Center 
server,  which 
distributes  the  calls 
to  the  appropriate 
agents  using  VoIP  or 
back  through  the 
gateway  to  Centrex 
phones. 


Outside  callers  Remote  agent  workstation 


Audio 


Call  distribution 
servers _ 

Citrix  servers 

SIP  proxy 


Citrix  Systems  servers  in  the 
Harvard  network  support 
access  to  applications  that 
agents  need,  and  simplify 
the  software  images  on  their 
desktops. 
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personnel.  The  idea  of  donning  multiple  hats 
isn’t  a  new  one  for  many  IT  shops,  but  today’s 
economy  is  changing  what  used  to  be  a  quick 
fix  into  standard  operating  procedure. 

“Our  operating  expenditure  budgets  have 
been  frozen  and  cut,  and  we  currently  have  a 
hiring  freeze  in  effect.  There  is  an  obvious 
direct  financial  impact  to  our  institution 
when  there  is  this  amount  of  uncertainty  in 
the  market,”  says  John  Turner,  director  of  net¬ 
works  and  systems  at  Brandeis  University  in 
Waltham,  Mass. 

As  a  member  of  senior  management, Turner 
says  it’s  his  job  to  align  staff  with  emerging 
responsibilities.  For  instance,  the  need  for 
storage  administration  at  Brandeis  drove 
Turner  to  assign  additional  responsibilities  to 
a  systems  engineer  and  a  database  adminis- 


Economic  crisis  causes 
IT  budget  cuts 

A  poll  of  50  CIOs  shows  that  a 
majority  are  reassessing  how  to 
spend  their  IT  budget  dollars  in  2009. 

devaluating  2009  budget  plans: 

61% 

[Renegotiating  IT  vendor  contracts: 

iHHHHHHHHi 59% 

Putting  nonessential  IT  projects  on  hold: 

IHHHHHHHH 59% 

Reevaluating  IT  projects  to  conserve  cash: 

1 54% 

jCutting  consultant  and  contractor  spending: 

1 49% 

(introducing  travel  restrictions  in  IT: 

1 49% 

j  Increasing  hurdle  rate  for  new  IT  investments: 

1 30% 

Changing  assumptions  on  external  IT  costs: 

1 27% 


(Introducing  a  hiring  freeze  in  IT: 

1 24% 


(Accelerating  legacy-system  retirement: 

1 22% 


Lengthening  the  time  to  pay  invoices: 

MM  15% 

Reducing  service  levels: 

!  15% 


SOURCE:  CIO  EXECUTIVE  BOARD 


trator.  Other  organizations  may  be  able  to  cre¬ 
ate  a  new  position  based  on  the  need  to  bet¬ 
ter  manage  storage,  but  Turner  doesn’t  have 
that  option.  Putting  the  work  on  existing  staff, 
however,  can  provide  the  IT  professional 
some  benefits,  he  says. 

“They  are  in  the  trenches  and  they  are  not 
removed  from  any  bit  of  the  technology,  which 
is  good  in  terms  of  broadening  their  knowl¬ 
edge  and  skills,” Turner  explains. “Plus,  when  a 
systems  engineer  needs  storage,  in  our  case,  he 
doesn’t  have  to  request  the  space;  he  can  pro¬ 
vision  it  on  his  own.” 

The  downside  is  that  IT  at  Brandeis  has 
been  operating  on  a  tight  budget  for  years, 
and  additional  economic  stress  further  bur¬ 
dens  staff  and  limits  what  IT  can  accomplish 
in  the  long  term. 

“Brandeis  has  not  been  graced  with  a  large 
staffing  budget;  and  the  problem  when  you  do 
things  efficiently  to  start  is  that  when  a  crisis 
occurs  and  there  is  a  budget  crunch,  there  is 
nowhere  to  cut  from, ’’Turner  says.“The  stress  on 
staff  is  short  term,  they  can  only  do  so  much 
work  for  so  long;  but  long  term,  the  institution 
will  suffer  if  we  can’t  hire.” 


Get  used  to  pitching  in 

James  Kritcher  says  his  organization  in  the 
past  12  months  has  retracted  requisitions  for 
additional  personnel  as  a  result  of  the  business 
climate.  As  vice  president  of  IT  at  White  Elec¬ 
tronic  Designs  in  Phoenix,  Kritcher  pitched  in 
to  head  up  the  company’s  enterprise  risk  man¬ 
agement  (ERM)  program. 

“Certainly  one  factor  in  my  assumption  of 
these  tasks  was  a  hesitancy  to  incur  the  costs  of 
hiring  a  new  person  to  perform  them,”  Kritcher 
explains.“I  had  the  knowledge,  and  was  willing 
to  take  them  on  because  it  will  give  me  addi¬ 
tional  credibility  with  my  IT  peers,  as  well  as 
the  company’s  board.” 

One  caution,  however,  is  to  not  take  on  too 
much.  Kritcher  says  he  tries  to  approach  addi¬ 
tional  work  with  realistic  expectations  and 
choose  duties  that  seem  a  natural  add-on  to  his 
primary  responsibilities.  For  instance,  his  own¬ 
ership  of  the  company’s  ERM  program  evolved 
from  his  work  in  IT  disaster-recovery  planning. 

“You  have  to  ensure  your  IT  responsibilities 
don’t  suffer,”  Kritcher  says.“Because  as  much  as 
doing  more  work  can  help  your  credibility  if 

See  Crisis,  page  15 


Economic  malaise  hits 
the  IT  industry 


BY  JON  BRODKIN 

Some  disappointing  earnings  and  a  shortage 
of  IPOs  are  two  signs  that  the  struggling  econ¬ 
omy  is  taking  a  toll  on  the  technology  sector. 

Enterprise-software  giant  SAP  says  customer 
concern  about  stock  markets  caused  “a  very 
sudden  and  unexpected  drop  in  business 
activity  resulting  in  lower-than-expected  earn¬ 
ings.  CRM  vendor  RightNow  Technologies  says 
it  lost  money  in  operating  expenses  in  Sep¬ 
tember,  essentially  because  customers  are  tak¬ 
ing  longer  to  pay  their  bills. 

IPOs,  meanwhile,  are  scarcer  than  they  have 
been  in  30  years.  That’s  bad  news  for  the  tech 
industry  which  typically  does  more  IPOs  than 
any  other  sector. 

Customers  are  less  likely  to  buy  new  prod¬ 
ucts  in  a  bad  economy,  of  course.The  question 
is  how  long  the  current  malaise  will  last. 

“It’s  not  clear  to  me  whether  or  not  we’ve  hit 
the  bottom  of  the  trough  yet,” says  Pund-IT  ana¬ 
lyst  Charles  King  about  the  ongoing  stock  mar¬ 
ket  plunges.  “The  further  it  goes  down  from 
here,  the  longer  it  will  take  to  recover” 

Some  financial  analysts  have  cut  their 
earnings  forecasts  for  such  companies  as 
IBM,  HP  Dell,  Sun  and  EMC,  according  to  a 
Dow  Jones  report. 

IBM,  however,  last  week  reported  a  20%  in¬ 
crease  in  net  income  for  its  third  quarter  and 
says  its  profit  outlook  for  the  full  year  remains 
on  track.  Also  reporting  good  news  is  NetScout 


Systems,  a  network  performance-management 
vendor.  The  company  says  its  earnings  remain 
on  track  because  of  strong  sales  in  the  wireless 
and  government  markets. 

The  storage  market  has  performed  relatively 
well  despite  the  tough  economy,  because  it’s 
difficult  to  put  off  storage  purchases  when  data 
volumes  are  greatly  expanding,  King  notes. 

Virtualization  also  should  continue  doing 
well  because  it  saves  customers  money  by 
allowing  them  to  run  more  applications  on 
fewer  servers,  King  says. 

Such  companies  as  SAP  and  Sun,  however, 
could  continue  to  suffer  because  they  rely 
heavily  on  customers  in  the  financial  and 
banking  industries,  the  failures  of  which  are 
driving  the  current  economic  crisis,  King  says. 

“There’s  so  much  uncertainty  in  the  financial 
and  banking  industries,  I  would  expect  pur¬ 
chases  there  to  slow  dramatically  King  says. 

SAP  announced  on  Oct.  6  that  its  third- 
quarter  revenue  will  be  around  $2.6  billion, 
more  than  last  year  but  less  than  expected. 
Things  did  not  take  a  turn  for  the  worse  until 
near  the  end  of  the  quarter,  says  SAP  co-CEO 
Henning  Kagermann.  SAP  stock  dropped 
more  than  15%  after  the  company  an¬ 
nounced  its  updated  revenue  expectations. 

For  many  IT  companies,  “deals  were  either 
cancelled  or  deferred  [the  last  two  weeks  of 
September]  because  of  the  current  market  cli- 

See  Economy,  page  15 
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you  don’t  perform,  your  reputation  can  take  a 
hit  —  even  if  you  had  the  best  intentions.” 

At  Metrocorp  Publications,  IT  has  been  asked 
for  quite  some  time  to  put  off  nonessential  pro¬ 
jects,  such  as  desktop  operating  system  up- 
grades.“For  the  past  six  months,  we  have  been 
asked  to  hold  off  on  all  investments  that  are 
nonessential  to  provide  a  cushion  for  the  eco¬ 
nomic  downturn  our  management  expected 
would  come,”  says  Chris  Majauckas,  computer 
technology  manager  for  the  Boston  company 
that  puts  out  Boston  Magazine  and  Philadel¬ 
phia  Magazine. 

Because  reducing  an  IT  staff  of  two  employ¬ 
ees  isn’t  feasible,  Majauckas  works  to  find  ways 
around  spending  money  —  even  taking  on 
mechanical  and  electrical  assignments,  such 
as  modifying  cubicle  design  and  rewiring  the 
area  for  staff. 

“Before  I  look  to  an  outside  vendor,  I  assess  if 
I  can  perform  the  job  and  save  the  company  a 
few  thousand  dollars,”  Majauckas  explains.  “It 
makes  me  more  valuable  to  the  company  and 
hopefully  if  it  comes  to  cutting  staff,  manage¬ 
ment  will  think  twice  about  reducing  my  posi¬ 
tion  to  bring  in  a  contractor” 

If  economic  turmoil  doesn’t  always  force 
IT  to  cut  budgets  and  slash  staff,  it  certainly 
reminds  them  to  eliminate  redundancy  in 
duties.  Bruce  Meyer,  director  of  network  ser¬ 


vices  at  ProMedica  Healthcare  in  Toledo, 
Ohio,  says  his  organization  is  consolidating 
functions  performed  on  the  voice  and  data 
side  under  his  purview.  The  voice  and  data 
network  engineers  used  to  operate  indepen¬ 
dently,  but  as  ProMedica  rolls  out  VoIP  the 
opportunity  to  streamline  operations  pre¬ 
sented  itself. 

“No  one  is  losing  a  job  necessarily  but  every¬ 
one  is  tight  now,  so  we  are  trying  to  get  more 
out  of  the  staff  we  have,”  Meyer  says. 
“Consolidating  this  Layer  1  functionality  —  a 
jack  is  a  jack  and  cable  is  cable,  and  it’s  all  in 
the  same  closet  now  —  prevents  us  from  hav¬ 
ing  two  people  doing  the  same  thing  and  adds 
more  efficiency  to  our  staff.” 

Others  say  the  current  economy  simply 
shines  a  spotlight  on  how  IT  is  expected  to 
operate  normally  For  instances  company  con¬ 
sidering  establishing  a  director  of  business 
applications  might  opt  to  reassign  staff  instead 
of  hiring  a  new  employee  regardless  of  Wall 
Street’s  status. 

“It’s  the  nature  of  IT  now  to  blend  responsi¬ 
bilities  and  create  dual  roles,  in  part  because 
some  of  the  technical  capabilities  can  be 
applied  across  IT  domains  but  also  because  it 
simply  doesn’t  make  sense  to  spend  $80,000 
per  year  to  hire  a  full-time  employee  when  you 
can  get  the  job  done  by  making  that  role  one- 
third  of  someone’s  job,” says  Chris  Holbert.CIO 
and  COO  at  LaunchPad  Communications  in 
Los  Angeles.  ■ 


Economy 

continued  from  page  14 

mate,”  writes  David  Mitchell  of  research  firm 
Ovum. “Losing  a  deal  to  a  ‘no  deal’  rather  than 
to  a  competitor  was  commonplace.” 

Companies  should  diversify  the  types  of 
products  and  services  they  sell  and  target  geo¬ 
graphic  regions  abroad,  Ovum  says. 

SAP  rival  Oracle  still  seems  to  be  doing  well, 
according  to  a  Goldman  Sachs  research  note. 
Maintenance  contracts,  a  continuing  source  of 
revenue,  represent  nearly  50%  of  Oracle’s  sales, 
and  about  40%  of  SAP  sales. 

RightNow Technologies, on  the  other  hand, is 
suffering  from  the  same  problems  afflicting 
SAP  according  to  Goldman  Sachs.  “The  com¬ 
pany  now  expects  to  report  negative  cash  flow 
from  operations  in  the  quarter  primarily  due  to 
a  lengthening  of  payment  terms  and  slower 
cash  collections,”  the  analyst  writes. 

While  long-established  companies  are  feel¬ 
ing  the  pain, so  are  start-ups  trying  to  get  off  the 
ground.  There  were  zero  venture-capital- 
backed  IPOs  in  the  second  quarter  of  2008,  the 
first  time  that’s  happened  in  30  years,  accord¬ 
ing  to  PricewaterhouseCoopers.  In  the  first 
three  quarters  of  2008  combined,  there  were 
six  venture-capital-backed  IPOs,  the  lowest 
total  since  1977,  according  to  the  National 
Venture  Capital  Association. 

IDG  News  Service  contributed  to  this  report. 
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Microsoft  airs  SQL  Server  plan 

SQL  Server,  Office  are  key  to  driving  business  intelligence  to  users 


Accelerated  timeline 


Just  two  months  after  the  release  of  SQL  Server  2008,  Microsoft  is  outlin¬ 
ing  the  next  version  and  its  plans  to  have  the  database  anchor  a  set  of  new 
business  intelligence  capabilities  that  it  hopes  will  bring  Bl  to  the  masses. 

•  Jan.  14,  2006  —  SQL  Server  2005  Enterprise  Edition  released. 

•  Aug.  6,  2008  —  Microsoft  releases  SQL  Server  2008  to  manufacturing  (official  gener¬ 
al-availability  date  is  Nov.  7,  2008). 

•  Oct.  6,  2008  —  Microsoft  unveils  next  version  of  SQL  Server  code-named  Kilimanjaro; 
Gemini,  a  set  of  self-service  analysis  capabilities;  and  Madison,  a  highly  scalable  data¬ 
base  appliance. 

•  First  half  of  2010  —  Delivery  of  Kilimanjaro,  Gemini,  Madison. 


BY  JOHN  FONTANA 

Microsoft  last  week  began  its  uphill  battle  to 
make  business  intelligence  software  pervasive 
across  corporate  computing  through  capabili¬ 
ties  it  will  build  into  its  Office  desktop  suite 
and  infrastructure  software  spearheaded  by 
SQL  Server. 

Even  before  the  Nov.  7  official  general 
release  of  SQL  Server  2008,  Microsoft  took  the 
unusual  step  of  outlining  the  next  version  of 
the  database  and  a  set  of  BI  add-ons  and  inte¬ 
grations  designed  to  make  the  technology  eas¬ 
ily  available  via  familiar  Windows-based  tools. 

The  company  made  the  announcements 
last  week  at  its  second  annual  business  intelli¬ 
gence  conference. 

At  the  conference,  Microsoft  said  its  goal  is  to 
build  a  business  intelligence  platform  using 
the  next  version  of  SQL  Server,  code-named 
Kilimanjaro,  SharePoint  Server,  Office 
Communications  Server  (OCS),  Office 
Performance  Point  Server  and  the  Excel  desk¬ 
top  spreadsheet  program  along  with  other 
Office  applications. 

The  intent  is  to  simplify  complex  business 
intelligence  technology  so  more  users  can 
access  data  across  disparate  sources,  aggre¬ 
gate  that  data,  build  charts  and  reports  using 
Excel,  and  share  the  resulting  applications  via 
SharePoint  and  OCS. 

Microsoft  also  plans  to  include  a  highly  scal¬ 
able  data  warehousing  version  of  SQL  Server 
that  will  be  offered  in  an  appliance  by  its  hard¬ 
ware  partners.  “They  are  trying  to  break  the 
mold  on  how  BI  has  been  done  and  set  the 
stage  for  how  Bl  will  be  done  going  for¬ 
ward,”  says  John  Hagerty,  vice  president  and 
research  fellow  at  AMR  Research. 

Today,  business  intelligence  is  constrained 
mostly  by  the  financial  and  manpower 
resources  IT  can  dedicate  to  building  and 
deploying  the  pieces  needed  on  the  client 
and  the  server.  Microsoft  wants  to  eliminate 
that  constraint  by  giving  users  self-service 
tools  to  build  their  own  business  intelligence 
applications  via  access  to  such  corporate 
data  sources  as  SAP 

However,  Microsoft  says  the  platform  will 
ensure  IT  maintains  governance  over  access 
controls  to  corporate  repositories  and  indi¬ 
vidual  files. 

But  it  won’t  happen  overnight. 

“  [This]  is  not  going  to  be  available  until  2010 
so  we  are  talking  a  long-term  vision  and  not 
near-term  deliverables,”  Hagerty  says. 

Microsoft  is  wise  to  announce  its  intentions 
so  customers  can  “get  their  heads  around  it” 
given  the  drastic  changes  Microsoft  seeks  in 
whittling  down  monolithic  business  intelli¬ 
gence  systems  into  just  another  set  of  desktop 
applications,  Hagerty  says. 


The  Kilimanjaro  version  of  SQL  Server  is 
slated  for  release  in  the  first  half  of  2010  with 
a  focus  on  self-service  and  reporting  capabil¬ 
ities  for  BI.  Microsoft  plans  to  have  a  commu¬ 
nity  technology  preview  (CTP)  available 
within  the  next  12  months. 

The  self-service  features  are  wrapped  up  in  a 
set  of  technologies  code-named  Gemini, 
which  let  users  build  business  intelligence 
applications  that  can  access  data  across  many 
sources,  compile  the  data  into  charts  and 
reports,  and  share  those  results. 

Microsoft  also  plans  to  integrate  the  uni¬ 
fied  communications  capabilities  of  Office 
Communications  Server,  which  includes 
instant  messaging  and  VoIP  to  aid  the  shar¬ 
ing  of  BI  results. 

Microsoft  says  much  of  the  Gemini  tech¬ 
nology  will  be  tied  to  Excel,  allowing  users 
of  that  desktop  program  access  to  the  self- 
service  analytics. 

To  succeed  at  the  business  intelligence 
transformation,  Microsoft  faces  an  uphill 
battle  against  established  players  who  have 
owned  and  defined  the  BI  landscape  for  a 
number  of  years. 

In  addition,  those  pure-play  vendors  are 
working  under  the  umbrella  of  the  giants  in 
the  software  industry:  Business  Objects  is 
owned  by  SApCognos  has  been  acquired  by 
IBM, and  Hyperion  is  part  of  Oracle. 

A  report  by  Gartner  earlier  this  year  said 
Microsoft  still  “lags  behind  pure-play  vendors 
in  terms  of  metadata  management,  reporting, 
and  dashboard  and  ad  hoc  query  capabilities.” 

Those  are  deficiencies  Microsoft  plans  to 
systematically  address. 

With  Gemini,  Microsoft  plans  to  keep  IT  at 
the  top  of  the  food  chain  “One  important  thing 
about  Gemini  is  managed  self-service,”  says 
Fausto  Ibarra,  director  of  product  manage¬ 
ment  for  SQL  Server. “Managed  means  IT  is  in 


control  of  the  process  where  today  end  users 
use  Excel  without  control  of  IT  or  without  con¬ 
trol  of  data.” 

With  Gemini,  IT  will  be  able  to  see  how 
data  is  being  shared,  have  control  of  security 
on  the  data  and  will  make  data  sources 
available  to  users. 

Those  sources  could  include  ERP  data, 
mainframe  applications  and  independent 
software  programs. 

Another  key  feature  of  Gemini  is  in-memory 
BI,  which  analyzes  large  amounts  of  data  in 
memory  in  order  to  speed  performance. 

“We  believe  the  combination  of  Kilimanjaro 
with  the  Gemini  technologies  plus  Madison 
will  enable  us  to  truly  democratize  BI  and 
make  it  available  to  everyone  in  the  organiza¬ 
tion,”  Ibarra  says. 

Last  week,  Microsoft  also  unveiled  plans 
for  Madison,  a  highly  scalable  database  tech¬ 
nology  that  would  be  available  in  an  appli¬ 
ance.  Madison  integrates  SQL  Server  with 
technology  the  company  acquired  when  it 
bought  DataAllegro  earlier  this  year. 

DataAllegro  developed  large-volume  data 
warehousing  appliances,  and  Microsoft 
hopes  to  scale  Madison  to  handle  hundreds 
of  terabytes  of  data.  Last  week  at  its  business 
intelligence  conference,  Microsoft  showed 
a  demonstration  of  Madison  using  1  trillion 
rows  of  data. 

Microsoft  also  plans  to  use  data  quality 
technology  acquired  when  it  bought  Zoomix 
in  July  to  enhance  the  quality  of  available 
information.  Microsoft  would  only  say  the 
technology  will  come  in  “future  versions”  of 
SQL  Server. 

CTPs  of  Madison  will  roll  out  in  the  next 
12  months,  with  the  appliances  available  in 
the  first  half  of  2010.  Dell,  HP  Unisys,  Bull 
Systems  and  EMC  have  signed  on  as  hard¬ 
ware  partners.  ■ 
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ALLMFPs  SORT  PAGES. 

THIS  ONE  SORTS  YOUR  OFFICE 


The  HP  Color  LaserJet  CM6040  MFP  can  help  you  take 
control  of  printing  and  copying.  With  tools  like  Web 
Jetadmin,  IT  can  be  more  productive.  It  also  limits  help 
desk  calls  with  automatic  toner  and  maintenance  alerts 
It's  part  of  a  new  breed  of  workflow-enhancing  MFPs 
from  HP.  That's  alternative  thinking  about  printing. 


hp.com/go/6040 
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Sprint  zooms  Xohm  into  business 


BY  JOHN  COX 

The  gleaming  black  shuttle  van  slams  down 
into  a  pothole,  jolts  and  shudders  over  con¬ 
struction-scarred  streets  in  downtown 
Baltimore,  slows  for  late  morning  traffic  and 
speeds  up  again,  rattling  over  cobblestones. 

But  inside  a  handful  of  WiMAX-equipped 
notebook  computers  remain  linked  to 
Sprint’s  Xohm  (“zome”)  network,  showing 
consistent  and  unprecedented  broadband 
wireless  download  speeds  ranging  from 
3.7M  to  5Mbps  on  the  downlink  and  1.8M  to 
2.6Mbps  on  the  uplink. 

On  a  flat-panel  screen  mounted  at  the  rear 
of  the  van,  the  movie  “Men  in  Black”  streams 
from  the  Hulu.com  video  site  without  a 
flicker  or  blur,  even  as  the  van  cruises 
through  multiple  handoffs  between  some  of 
the  182  (and  counting)  WiMAX  towers  that 
blanket  about  75%  of  the  city 

As  a  demonstration  of  what  WiMAX  and 
Xohm,  the  first  large-scale  mobile  WiMAX  net¬ 
work  in  the  United  States,  is  delivering,  the  van 
ride  is  dramatic. 

In  a  nearby  townhouse,  a  laptop  plugs  via 
Ethernet  cable  into  a  XyXEL  WiMAX  router, 
coupled  with  a  massive  Samsung  flat-panel 
screen  showing  Internet  news  sites  and  stream¬ 
ing  video  in  the  living  room.  In  the  kitchen 
overlooking  part  of  Baltimore  harbor,  two  lap¬ 
tops  show  a  side-by-side  speed-test  compari¬ 
son  of  Sprint’s  3G  network  and  Xohm:  678Kbps 
down,  520kbps  up  for  3G;  4.2Mbps  down, 
1.3  Mbps  up  for  WiMAX. 

Xohm’s  target 

As  dramatic  as  the  van  ride  was,  it’s  the  com¬ 
bination  of  residential  wireless  Internet  access 
and  nomadic  laptop-based  computing  that 
will  likely  be  the  initial  attraction  for  Xohm, 
which  executives  billed  as  the  first  4G  network 
in  the  United  States. 

“Xohm  targets  both  segments  [nomadic  and 
fixed  residential] ,  and  that’s  a  powerful  differ¬ 
entiator  for  WiMAX,  because  you  cannot  do 
this  in  a  scalable  way  with  3G,”  says  Monica 
Paolini,  president  of  Senza  Fili  Consulting,  a 
wireless  consultancy  “Xohm  basically  supports 
what  subscribers  perceive  as  two  services,  pri¬ 
mary  fixed  home  broadband  and  nomadic  or 
mobile  access,  within  a  single  network  and,  for 
subscribers,  a  single  contract.” 

That  target  was  underscored  during  a  press 
conference  last  week,  which  featured  a  variant 
of  the  traditional  ribbon-cutting  ceremony: 
Barry  West,  Xohm  president  and  CTO,  posed 
with  a  two-handed  lopping  shears  to  cut 
through  a  blue  Ethernet  cable  as  cameras 
flashed. “How  about  a  special  one  for  Verizon?” 
he  joked,  to  another  round  of  camera  flashes, 
and  then  snipped  through  the  cable. 

The  network,  with  Samsung  base  stations, offi¬ 
cially  went  live  on  Sept.  29. 


Eventually  the  network  will  have  just  more 
than  300  base  stations,  with  picocells  to  fill  in 
outdoor  coverage  holes,  according  to  Atish 
Gude,  Sprint  senior  vice  president  for  mobile 
broadband  operations.  Each  cell  has  been  por¬ 
tioned  into  three  sectors,  with  enough  spec¬ 
trum  available  to  create  three  non-overlapping 
channels,  which  minimize  interference. 

(For  the  Baltimore  press  event,  Sprint  set  up  a 
WiMAX  “cell  site  on  wheels”  on  a  nearby 
rooftop.  A  spokesman  said  it  was  standard  pro¬ 
cedure  for  special  events  drawing  additional 
users  and  traffic.) 

Cultivating  client  devices 

But  last  week,  Sprint  focused  on  the  devices 
and  users  that  this  network  will  support. 
Onstage  with  West  were  Sprint  CEO  Dan  Hesse, 
Intel  Chief  Sales  and  Marketing  Officer  Sean 
Maloney  and  executives  from  nearly  a  dozen 
device  makers,  covering  PCMCIA  cards,  cus¬ 
tomer-premises  gear,  four  notebook  makers 
(Acer,  Asus,  Lenovo  and  Toshiba,  all  showing 
models  with  embedded  WiMAX  radios),  and 
Nokia,  which  was  featuring  the  WiMAX  edition 
of  its  N810  Internet  Tablet. 

But  this  first  crop  of  devices,  and  the  demon¬ 
strations  designed  around  them, shows  Sprint’s 
initial  focus  on  marketing  Xohm  as  an  all-IP 
data  network  that  can  be  accessed  anywhere 
there’s  coverage.“Xohm  will  extend  your  home 
and  office  [computing]  environment,  wher¬ 
ever  you  are,”West  says.“It  will  change  the  way 
the  Internet  is  accessed.” 

Eventually,  maybe.  But  Xohm’s  network, 
and  much  of  its  marketing,  is  aimed  at  trad¬ 
ing  on  the  familiar  way  nomadic  laptop 
users  today  access  the  Internet:  sitting  down 
in  range  of  a  radio,  opening  their  laptop,  and 
finding  a  signal. 

What’s  new  is  being  able  to  eventually  do  this 
anywhere  in  Baltimore.  But  until  a  new  crop  of 
mobile  devices  emerge,  Xohm’s  mobile 
WiMAX  remains  a  service  for  nomadic  users 
and  fixed  applications. 

Nokia’s  N810  Internet  Tablet  is  part  of  the 
emerging  class  of  mobile  Internet  devices, 
which  are  smaller,  lighter  and  easier  to  use  on 
the  go  than  conventional  laptops,  and  most  of 
all,  much  less  expensive.  The  WiMAX  version, 
available  this  month,  will  cost  less  than  $500,  a 
slight  premium  over  the  original  device.  But 
Nokia  has  no  definite  plans  at  this  point  for 
future  WiMAX-enabled  products,  either  as  part 
of  the  tablet  family  or  other  product  lines.“It’s 
still  being  looked  at  in  terms  of  other  form  fac¬ 
tors,”  says  Pamela  Ryan,  director  of  business 
development,  for  Nokia’s  customer  and  market 
operations  group. 

One  key  development  in  user  adoption  may 
be  the  availability  of  ZTE’s  Xohm-branded 
TU25  USB  WiMAX  modem  later  this  year,  which 
could  connect  any  device  with  a  USB  port  to 


Xohm  (ZTE  and  ZyXEL  also  offer  WiMAX  cus¬ 
tomer  premises  equipment).  Studies  have 
shown  the  vast  majority  of  users  have  a  very 
strong  preference  for  USB-based  connectivity 
compared  with  more  traditional  PCMCIA 
cards,  according  to  Sprint’s  Gude. 

Technology  as  cost-cutter 

Beyond  connectivity,  Xohm’s  WiMAX  infra¬ 
structure  has  another  purpose:  to  dramati¬ 
cally  lower  the  cost  of  providing  service,  and 
provisioning  subscribers.  “We’re  taking  out 
costs  to  make  wireless  broadband  afford¬ 
able,”  West  says.  “3G  showed  that  customers 
want  [mobile]  broadband.  But  they  want  it 
as  a  price  they  can  afford.” 

West  reiterated  his  long-standing  argument 
that  WiMAX  enables  broadband  wireless  for  a 
faction  of  the  cost  of  3G  cellular  technologies. 
“Your  racks,  towers  and  all  the  rest  are  the  same 
[in  cost] ,  but  now  you’re  pumping  10  times  the 
bits  through  them,”  he  says.  He  predicts  that 
WiMAX  chipsets  will  soon  reach  the  $3-to-$  1 5 
range,  only  slight  more  expensive  than  Wi-Fi 
chipsets  today  That’s  important  because  equip¬ 
ment  makers  can  embed  WiMAX  into  a  grow¬ 
ing  range  of  equipment  for  only  a  relatively 
small  additional  cost. 

Coupled  with  this  is  Xohm’s  provisioning 
model  for  subscribers,  using  a  variety  of 
channels  but  relying  heavily  on  the  Web.  At 
every  point,  the  company  has  tried  to 
squeeze  out  costs.  Xohm  doesn’t  have 
mandatory  service  contracts  or  cancellation 
fees.  According  to  the  company,  you  can  buy 
any  WiMAX-enabled  device,  connect  to  the 
Xohm  Web  site,  select  a  plan,  charge  it  to 
your  credit  card  and  get  online. 

Xohm  offers  home  wireless  Internet  access 
for  $25  a  month;  a  mobile  access  service  (“on- 
the-go”)  for  $30  a  month;  and  a  $50  monthly 
service  that  lets  you  use  two  WiMAX  clients  on 
one  account.  A  day-pass  plan  charges  $10  for 
24  hours  of  access,  which  Xohm  sees  as  a  way 
for  users  to  try  out  the  network.  ■ 


Wireless  event 

What's  the  secret  to  making  enterprise 
mobility  a  competitive  advantage  on  a 
commodity  world?  Strategic  manage¬ 
ment.  Developing  the  skills  and 
insights  to  synchronize  and  orches¬ 
trate  the  entire  spectrum  of  wireless 
tools  to  deliver  measurable  differ¬ 
ences  in  responsiveness,  customer 
service,  productivity,  and  bottom-line 
returns.  Hear  more  —  attend  IT  Road¬ 
map:  San  Francisco  on  Nov.  17  for  free. 

www.nwdocflnder.com/6423 
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Infrastructure 

OATA  CENTERS  ON  DEMAND 


Virtualization  is  here  to 

And  it's  no  wonder  -  it 
your  IT  resources.  But  smaller  footprints  can  come  at  a  cost.  Virtualized  servers, 
even  at  50%  capacity,  require  special  attention  to  cooling,  no  matter  their  size 
or  their  location. 


-density  racks  right  now... 


Virtualization  is  only 
half  the  battle  for  efficiency. 


1.  Heat  Server  consolidation  creates  higher  densities  -  and  higher  heat  -  per  rack, 
risking  downtime  and  failure. 

2.  Inefficiency  Perimeter  cooling  can't  reach  heat  deep  in  the  racks.  And  over¬ 
cooling  is  expensive  and  ineffective. 

3.  Power  Events  Virtual  loads  move  constantly,  making  it  hard  to  predict  available 
power  and  cooling,  risking  damage  to  your  network. 

The  right-sized  way  to  virtualize. 

With  the  new  HD-Ready  InfraStruXure  architecture,  you  can  take  on  high-density 
by  cooling  the  virtualized  high-density  row,  controlling  power  at  the  rack  level,  and 
managing  the  system  with  advanced  software  and  simulation.  Though  virtualizing 
saves  energy,  true  efficiency  also  depends  on  the  relative  efficiencies  of  power, 
cooling,  and  servers.  Right-sizing  one  and  not  the  others  (See  Figure  1)  leaves 
efficiency  savings  on  the  table.  To  right-size,  depend  on  the  efficient,  modular 
HD-Ready  InfraStruXure  and  neutralize  heat  at  the  source.  Equipment  will  be  safer 
and  more  efficient  running  closer  to  100%  capacity. 

Don't  agonize,  virtualize. 


Deploy  InfraStruXure  as  the  foundation  of  your  entire 
data  center  or  server  room,  or  overlay 
into  an  existing  large  data  center. 

SCHEMATIC  LEGEND: 

CRAC  UNITS 

STANDARD  DENSITY  RACKS 
CENTRALIZED  UPS 
INFRASTRUXURE  HO-READY  ZONES 


Figure  1 


Efficiency  and  Virtualization  ; 

Your  servers  are  efficient,  but  is  your  power  and  cooling?  ■  power  usage/capacity 


Pre-Server  Virtualization 


Big  gains  could  be  made  with  both  server 
and  power  and  cooling. 


□  Correct  Server  Utilization 

□  Correct-sized  Power 

□  Correct-sized  Cooling 
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Efficiency 


What  are  you  waiting  for?  With  HD-Ready  InfraStruXure  architecture  anyone  can 
virtualize...  anytime,  anywhere.  Just  drop  it  in  and  go. 

Why  do  leading  companies  prefer  InfraStruXure  6  to  1  over  traditional 
data  center  designs?  Find  out  at  www.xcompatible.com 


out  potential  gains  made  by  virtualizing. 
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Ef  Correct-sized  Cooling 

The  following  have  been  tested  and  work  best  with  InfraStruXure  Solutions.  Go  to  www.xcompatible.com  to  learn  more. 
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rost-aerver  virtualization 

IZf  Correct  Server  Utilization 

□  Correct-sized  Power 

□  Correct-sized  Cooling 

Server  Virtualization  with  Power  and  Cooling 

Right-sized  power  and  cooling  tip  the  balance  back  in  your  favor. 

Ef  Correct  Server  Utilization 
IZf  Correct-sized  Power  p  ; 


1 

-  I 

-  fl 


^63" 

Efficiency 


SQUARE  D 


•l».«l* 

CISCO 

rA*TN«R 


ttficiency 

EMC2 


Microsoft  PELCD 


—  s3=i ?  ALLIANCE 
PARTNER 


SELECT 


Download  a  FREE  copy  of  APC  White  Paper  #126: 

"An  Improved  Architecture  for  High-Efficiency,  High-Density  Data  Centers” 


Mwww.apc.com/promo  Key  Code  e149w  •  Call  888-289-APCC  x9675  •  Fax  401-788-2797 

©2008  American  Power  Conversion  Corporation.  Al  trademarks  are  owned  by  Schneider  Electric  Industries  S.A.S..  American  Power  Conversion  Corporation 

e-mail:  esupport@apc.com  •  132  Fairgrounds  Road,  West  Kingston.  Rl  02892  USA  998-0899_alt 


by  Schneider 


or  their  affiliated  companies. 


Electric 


NEWS  ANALYSIS 


Eaton  expertise  in  a  UPS. 
Uninterruptibility  from  Eaton®  isn't  a  new 
offering,  it's  an  iron-clad  promise,  backed  by 
a  $13B  global  organization  and  a  century-long 
heritage  with  power  protection,  distribution 
and  management  expertise.  That  expertise 
has  grown  to  include  the  Powerware®  and 
MGE  Office  Protection  Systems™  product 
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Symantec  to  buy 
MessageLabs 

BY  JEREMY  KIRK,  IDG  NEWS  SERVICE 

Symantec  will  pay  $695  million  for  MessageLabs,  a  security  ven¬ 
dor  that  offers  a  hosted  spam  and  Web  traffic  filtering  service. 

MessageLabs  offers  its  software-as-a-service  (SaaS)  as  a  monthly  sub¬ 
scription.  The  filtering  is  performed  within  the  company’s  14  data  cen¬ 
ters  located  around  the  world. 

It  also  can  route  a  company’s  Web  traffic  through  its  filters  to  block 
potentially  harmful  Web  sites  as  well  as  scan  instant  messages. 

SaaS  has  been  increasingly  popular  with  businesses  because  it  frees 

administrators  from  installing 
software  upgrades  and  per¬ 
forming  other  maintenance 
tasks  they  would  have  to  do 
in-house.  MessageLabs’  sub¬ 
scribers  turn  over  the  man¬ 
agement  of  their  email  and 
Web  traffic  security  to  the 
company  and  do  not  have  to 
install  on-site  equipment. 

For  Symantec,  the  acquisi¬ 
tion  of  MessageLabs  gives  it  an 
alternative  e-mail  security 
offering  to  BrightMail,  the 
company’s  antispam  and 
antivirus  appliance. 

“We  think  the  opportunity  to 
expand  our  footprint  in  the 
rapidly  growing  softwareas-a- 
service  market  is  significantly  enhanced  by  this  team  becoming  part  of 
Symantec,”  says  Symantec  CEO  John  Thompson. 

MessageLabs’  service  will  be  integrated  into  the  Symantec 
Protection  Network,  an  online-based  backup,  data  restoration  and 
remote  access  service  launched  in  April  2007  for  small  to  midsize 
businesses.  Symantec  will  put  its  Protection  Network  services  within 
MessageLabs’  data  centers. 

SaaS  focus 

Symantec  also  says  it  is  going  to  create  a  specific  SaaS-focused 
product  group.  Adrian  Chamberlain,  CEO  of  MessageLabs,  will  lead 
the  team  and  report  to  Enrique  Salem,  Symantec’s  chief  operating 
officer. 

MessageLabs  has  about  19,000  clients  worldwide.  The  company 
reported  $145  million  in  revenue  for  its  fiscal  2008  that  ended  July 
31. The  revenue  figure  is  20%  more  than  in  fiscal  2007. 

Symantec  officials  say  that  two-thirds  of  MessageLabs’  customers 
are  in  Europe. 

The  deal,  expected  to  close  by  the  end  of  December,  is  subject  to 
approval  by  regulators.  ■ 


ONLINE:  Security  Trend  Watch 

See  our  special  issue  examining  how  information  protection, 
identity-centric  access  control,  security  event  management 
and  managed  security  services  are  shaping  new  enterprise 
defenses. 

www.nwdocfinder.com/6848 


RAPID  RISE  IN 
HOSTED  SECURITY 

MessageLabs  holds  a  29.7% 
share  of  the  hosted  security 
services  market,  followed  by 
Google,  which  owns  Postini, 
at  18.7%  and  Microsoft  at 
8.7%,  according  to 
Symantec.  Before  this 
acquisition,  Symantec  held 
just  1.1%. 
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Will  Apple  be  forced  to 
make  more  money? 

(still  have  not  bought  an  iPhone.  I  expect  I 
will  do  so  soon  though  now  that  there  is  at 
least  one  good  SSH  client  available 
through  the  Apple  App  Store.  But  I’ve  been  put 
off  by  reports  about  the  poor  quality  of  AT&T’s 
wireless  network  and,  to  some  degree,  by  the 
apparent  capriciousness  of  Apple’s  decision¬ 
making  process  regarding  what  applications 
can  be  made  available  through  the  App  Store. 

These  issues  have  delayed  my  purchase.  But 
1  expect  that  they  have  been  a  deal  killer  for 
quite  a  few  people. 

At  first  the  lock-in  deal  with  AT&T  made  sense  to  me.  Apple’s  agree¬ 
ment  with  AT&T  includes  Apple  receiving  a  share  of  the  revenue  the 
carrier  gets  from  iPhone  subscribers  —  a  nice  deal  indeed.  But  Apple 
does  not  have  any  such  deal  about  iPods  and  seems  to  be  doing  just 
fine  selling  a  much  less  expensive  device.  Now  I’m  not  so  sure  that 
the  iPhone  lock-in  is  a  good  thing  for  Apple  —  it  clearly  is  not  a  good 
thing  for  anyone  else:  Customers  cannot  chose  the  carrier  that  pro¬ 
vides  the  best  service,  and  AT&T’s  competitors  cannot  sell  the 
iPhone. 

Because  the  iPhone  is  a  GSM  device  it  is  not  compatible  with 
Verizon’s  or  Sprint’s  networks,  but  just  having  a  T-Mobile  option  could 
help  some  customers.  What’s  more,  having  an  option  of  swapping  SIM 
cards  with  a  local  provider  when  traveling  out  of  the  country  would 
be  a  very  big  win  considering  AT&T’s  unconscionable  international 
roaming  charges. 

Apple  could  sell  a  lot  more  iPhones  if  they  were  not  tied  to  specific 
carriers. 

The  value  of  the  iPhone  would  also  be  higher  if  Apple  did  not 
block  some  of  the  applications  it  has  from  the  App  Store.  Some  filter¬ 
ing  is  needed  to  be  sure  that  applications  will  not  kill  the  iPhone  or 
the  phone  network.  But  blocking  applications  that  compete  with 
Apple’s  own  does  no  one  good  in  the  long  run  —  customers  do  not 
get  alternatives  and  Apple  has  less  of  an  incentive  to  produce  better 
applications. 

Speaking  of  unconscionable,  that  is  just  what  a  court  has  ruled  that 
some  of  the  terms  of  the  AT&T  iPhone  user  agreement  may  be.  The 
same  court  has  ruled  that  Apple  and  AT&T  may  have  violated  the 
Sherman  Antitrust  Act  when  they  had  a  secret  agreement  that 
locked  customers  in  for  five  years,  three  years  past  the  two-year 
agreements  that  customers  thought  they  were  signing.The  court 
ruled  that  Apple  may  have  violated  the  same  law  by  limiting  the 
market  for  iPhone  applications  to  those  available  through  the  App 
Store.  In  addition,  the  court  ruled  that  Apple’s  decision  to  perma¬ 
nently  disable  unlocked  iPhones  with  its  Version  1.1.1  update  may 
have  also  violated  the  law. 

I  say  “may  have”  because  the  court  refused  to  rule  that  the  charges 
made  by  the  people  suing  Apple  and  AT&T  should  be  dismissed. The 
next  step  will  be  discovery,  where  Apple  and  AT&T  will  have  to  pro¬ 
duce  mountains  of  documents  detailing  just  what  they  have  been 
doing. 

This  case  has  hardly  started,  but  one  possible  outcome  could  be 
that  Apple  is  told  that  it  cannot  have  the  kind  of  restrictive  agreement 
it  has  with  AT&T  and  has  to  open  up  the  iPhone  for  more  third-party 
applications.  I  expect  that  Apple,  but  not  AT&T,  will  benefit  consider¬ 
ably  if  this  happens  —  as  will  consumers  (and,  of  course,  the 
lawyers). 

Disclaimer:  Lawyers  making  money  is  good  for  the  endowment  of 
the  Harvard  Law  School  but  I  know  of  no  Law  School  position  on  the 
iPhone  case  or  if  it’s  a  good  idea  to  force  Apple  to  make  more 
money  So  the  above  is  my  own  opinion. 

Bradner  is  Harvard  University's  technology  security  officer.  He  can  be 
reached  at  sob@sobco.com. 
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Ellison  hypes  Oracle’s  data  warehouse  appliance 


The  high-end  data 
warehousing  wars 
are  fast  upon  us. 
Vendors  are  launching 
ever  more  scalable 
DW  solutions.  And 
they’re  delivering  them 
with  more  aggressive 
—  and  slippery  —  per¬ 
formance  claims. 

The  DW  industry’s 
new  battlefront  is 
petabyte  scalability  This 
refers  to  a  DW  platform’s  ability  to  ingest,  store, 
process  and  deliver  an  order-of-magnitude 
more  data  than  today’s  typical  terabyte-size 
warehouses.  In  this  regard,  the  competitive 
high  ground  is  still  held  by  Teradata,  which 
recently  released  a  high-end,  shared-nothing, 
massively  parallel  processing  (MPP)  DW  appli¬ 
ance  that  can  scale  to  10  petabytes  across  as 
many  as  1 ,024  compute/storage  nodes. 

Oracle  and  HP  recently  joined  the  petabyte 
battle  with  all  guns  blazing.  At  Oracle’s  annual 
OpenWorld  conference,  they  jointly 
announced  general  availability  of  a  petabyte- 
scalable  DW  appliance:  the  HP  Oracle 
Database  Machine,  which  includes  the  HP 
Exadata  Storage  Server. They  touted  its 
“extreme”  performance  and  scaling  features, 
bolstering  those  claims  through  public  demos 
and  beta-tester  testimonials. 

Most  significantly,  they  enlisted  Oracle  CEO 
Larry  Ellison  and  HP  honchos  Mark  Hurd  and 
Ann  Livermore  to  unveil  the  offering  from  the 
conference’s  main  stage. 

Clearly,  the  HP  Oracle  Database  Machine  is 
highly  strategic  for  both  companies.  It  pro¬ 
vides  a  platform  for  Oracle  to  sell  more  data¬ 
base  licenses  and  for  HP  to  sell  more  server 
and  storage  hardware.  It  will  almost  certainly 
get  the  partners  onto  vendor  short  lists  for 
petabyte-scale  DW  solutions,  which  are 
increasingly  being  deployed  in  such  vertical 
markets  as  telecommunications,  government 
and  financial  services. 

It  also  helps  them  blunt  the  momentum  of 
DW  appliance  up-and-comer  Netezza,  whose 
platform,  like  the  Oracle/HP  offering,  performs 
SQL  processing  in  an  intelligent  storage  layer, 
thereby  accelerating  queries  and  table  scans 
against  very  large  data  sets. 

There’s  no  question  that  the  recent 
Oracle/HP  announcement  was  substantial 
and  has  shifted  the  competitive  dynamics  in 
the  high-end  DW  market.  But  it  was  also  an 
exercise  in  marketing  hype.  Predictably  it  trig¬ 
gered  an  immediate  firestorm  of  heated 
retorts  from  aggrieved  competitors. 

In  the  fog  of  war,  the  first  casualty  is  perspec¬ 
tive,  and  that’s  certainly  the  case  in  this  com¬ 
petitive  fracas.  Buyers  of  DW  solutions  should 
exercise  extreme  caution  when  evaluating  the 
Oracle/HP  solution  vis-a-vis  comparably  scal¬ 


able  offerings  from  Teradata,  Sybase, 
Greenplum,  IBM  and  others. You’ll  definitely 
need  to  apply  the  standard  caveats  to  Ellison’s 
bold  price/performance  claims.  And  consider¬ 
ing  that  Ellison  was  employing  the  native  mar¬ 
keting  speak  of  the  DW  arena,  you’ll  need  to 
apply  the  same  grains  of  salt  to  his  competi¬ 
tors’  tales. 

For  starters,  Ellison  studded  his  talk  with 
what  might  be  regarded  as  the  “virtuous  coef¬ 
ficients”  of  DW  performance  enhancement: 
10x,20x,30x,40x,50x,as  high  as  72x  speedups 
have  been  documented  by  beta  testers  of  the 
HP  Oracle  Database  Machine.  Of  course,  every 
DW  professional  knows  that  these  perfor¬ 
mance  boosts  are  extremely  sensitive  to  myri¬ 
ad  implementation  factors,  such  as  what  you 
put  in  a  SQL  “where”  clause,  how  many  table 
joins  you  perform,  whether  and  how  you  com¬ 
press  the  data  and  so  forth. 

The  performance  enhancements  also  are 
relative  to  whatever  DW  configuration  —  well- 
engineered  or  otherwise  —  the  beta  testers 
had  implemented  prior  to  getting  their  hands 
on  this  shiny  new  uber-appliance.  Note  the  tag 
line  near  the  end  of  Ellison’s  presentation 
(emphasis  added):"  10-50x  faster  than  current 
Oracle  data  warehouses.” 

Also,  Oracle’s  big  boss  hammered  Teradata 
and  Netezza  with  benchmarks  that  were 
ostensibly  apples-to-apples.  However,  Ellison’s 
presentation  seriously  lacked  the  detailed 
footnoting  necessary  to  ascertain  that  he  was 
indeed  comparing  his  product  against  com¬ 
parably  configured  instances  of  rival  offerings 
that  were  processing  comparable  workloads. 

But  even  without  aid  of  a  magnifying  glass,  it 
was  clear  that  Ellison  was  comparing  his 
appliance  directly  to  the  Teradata  2550  and 
Netezza  10100  on  the  basis  of  a  single  com¬ 
mon-denominator,  configuration-wise: They  all 
have  a  one-rack  footprint.That’s  an  odd  basis 
for  comparison. Those  competitors  do  in  fact 
have  higher-end  DW-appliance  models,  with 
more  capacity,  that  might  serve  as  a  better 
basis  for  performance  and  price  compar¬ 
isons,  but  Oracle  chose  to  overlook  that  fact. 
Why  did  it  size  up  a  168-terabyte  Oracle/HP 
machine  against  43-terabyte  offerings  from 
Teradata  and  Netezza  respectively? 

Furthermore,  Oracle  somehow  failed  to 
benchmark  these  same  solutions  on  the  full 
range  of  performance  criteria  that  matter  in 
DW  and  business  intelligence  deployments, 
such  as  query  response  times,  concurrent 
usage,  mixed  workload  support,  load  speed 
and  transaction  throughput.  Even  if  Oracle 
had  provided  reliable,  unbiased,  third-party 
benchmarks,  it  would  have  been  useless  if  the 
company  didn’t  test  against  comparably  con¬ 
figured  Teradata  and  Netezza  offerings. 

And  the  price-comparison  chart  was  also 
seriously  deficient.  Most  notably  the  HP 
Oracle  Database  Machine’s  overall  price,  as 


presented  by  Ellison,  lacked  the  requisite 
Oracle  Database  Real  Application  Cluster 
license  fees.  However,  the  stated  prices  for  the 
Teradata  and  Netezza  solutions  definitely 
included  the  database  management  systems 
(DBMS)  that  come  configured  into  those 
offerings  (though  Netezza  has  a  free  open 
source  database,  PostgreSQL,  at  the  heart  of  its 
offering).  So  when  you  factor  in  all  relevant 
costs,  the  new  HP  Oracle  Database  Machine 
doesn’t  look  quite  as  attractive  on  the  com¬ 
mon-denominator  of  acquisition  price  per 
usable  terabyte  of  production  data. 

Finally  Ellison,  like  most  DW  vendors,  implic¬ 
itly  presented  his  solution’s  architectural 
approach  as  the  gold  standard  against  which 
all  others  must  be  disparaged. That,  of  course, 
is  a  highly  debatable  proposition. 

For  one  thing,  Oracle  Database  1  lg  —  the 
software  heart  of  the  appliance  —  is  still  a 
general-purpose  relational  DBMS  that  has  one 
foot  in  DW  but  another  solidly  planted  in 
online  transaction  processing  (OLTP).  By  con- 
stast, Teradata,  Sybase,  Netezza,  Greenplum 
and  others  have  optimized  their  DBMSs  for 
DW  from  the  get-go,  and  do  not  support  OLTP 

Also,  Oracle’s  appliance  implements  a 
shared-disk  storage-area  network  architecture. 
By  most  accounts, shared-disk  approaches  are 
inherently  less  scalable  than  the  shared-noth¬ 
ing  MPP  approach  at  the  heart  of  DW  solu¬ 
tions  from,  among  others, Teradata  and 
Greenplum. 

And  the  Exadata  storage  layer  can  only  par¬ 
allelize  SQL  queries,  and  only  against  struc¬ 
tured  relational  data.  In  its  present  incarna¬ 
tion,  the  Exadata  storage  grid  cannot  be  used 
to  execute  a  wider  range  of  analytic  functions 
or  handle  unstructured  and  semi-structured 
data  types.  Consequently,  it  is  not  applicable  to 
the  new  generation  of  “content  DWs”  or  for 
any  of  the  in-database  analytics  that  might  be 
applied  to  the  myriad  nonrelational  data 
types  that  reside  in  those  warehouses. 

Ellison  didn’t  go  into  anywhere  near  this 
degree  of  industry  context.  His  job  is  to  sell 
the  world  on  an  important  Oracle  product 
and  partnership,  and  he  did  so  quite  well.  We 
shouldn’t  expect  his  direct  competitors  to  be 
any  more  frank  about  their  respective  DW 
solutions’  limitations. 

Sorting  through  the  field  of  high-end  DW 
solutions  is  getting  more  difficult,  due  to  the 
diversity  of  vendor  approaches.  IT  profession¬ 
als  need  to  read  between  the  lines  of  DW  ven¬ 
dors’  increasingly  breathtaking  product 
announcements  before  deciding  if  Oracle,  HP 
or  any  other  solution  provider  is  truly  break¬ 
ing  new  ground. 

Kobielus  is  a  senior  analyst  at  Forrester 
Research  in  Alexandria,  Va.  The  opinions 
expressed  are  his  own.  E-mail  him  at  jko- 
bielus@forrester.com. 
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Telecom  planning  in  a  time  of  turmoil 


It’s  gotten  pretty  hard  to  miss  the  financial 
news  lately:  September  was  the  worst 
month  for  stocks  in  years,  and  October 
looks  to  surpass  it.  Despite  the  U.S.  govern¬ 
ment’s  massive  $700-billion  bailout,  the  U.S. 
economy  is  still  roiling,  and  Europe’s  is  doing 
even  worse. 

With  all  this  gloom  and  doom  abounding,  if 
you’re  a  telecom  manager  you  may  be  won¬ 
dering  about  how  all  this  will  affect  you  — 
and  what  decisions  you  can  make  to  ensure 
your  company’s  safe  over  the  long  haul.  Here 
is  an  FAQ: 

Will  I  still  have  a  job  tomorrow/next  week/next  month/next  year? 

Probably  If  you’re  in  your  late  20s  or  older,  you  probably  recall  the 
dot-com  debacle.  For  the  economy  at  large,  this  crisis  is  worse,  but  for 
those  of  us  in  the  tech/IT  sector,  it’s  not  as 
bad.  First,  CIOs  have  been  cautious  in  increas¬ 
ing  the  size  of  their  tech  staffs  over  the  past 
few  years  —  so  there  are  fewer  “redundant” 
positions.  Second,  not  as  many  tech-heavy 
companies  have  been  hit.Yes,  if  your  former 
employer  was  Lehman,  Bear  Stearns  or  a 
mortgage  broker,  you’re  probably  out  looking 
for  a  job.  And  if  you’re  working  in  finance,  real 
estate  or  insurance,  you  should  build  out  a 
Plan  B.  But  for  everyone  else,  the  chances  are 
your  company  (and  very  likely  your  job)  will 
survive  the  downturn. 

How  does  this  affect  my  telecom 
providers? 


Keep  in  mind  the  credit-worthiness  of  the  providers  you’re  doing 
business  with.  Financial  analysts  Sanford  Bernstein  recently  looked  at 
AT&T  and  Verizon  and  concluded  they’re  probably  OK.  Of  the  three 
U.S.  players,  Sprint  is  at  greatest  risk.  When  it  comes  to  smaller  players, 
things  are  iffier  —  but  that  doesn’t  mean  you  should  categorically 
back  off  from  using  these  companies,  which  can  offer  services  that 
enable  you  to  gain  competitive  advantage.  Just  make  sure  you  bring 
someone  from  your  finance  department  to  review  the  new  provider  to 
determine  the  level  of  risk.  Look  for  the  level  of  debt,  and  eschew 
providers  with  high  debt  loads.  (Sanford  Bernstein  finds  the  cable 
companies  potentially  interesting,  if  the  debt  loads  are  correct.) 

How  does  this  affect  the  types  of  contracts  I  should  sign? 

Go  for  managed  services  wherever  possible.  Here’s  why:  During  a 
credit  crunch,  the  less  you  spend  on  capital  equipment  (routers,  fire¬ 
walls)  the  better.  Managed  services  are,  in  essence,  a  way  for  the  carri¬ 
ers  to  assume  the  capital  costs  of  your  gear.  Because  the  chances  are 

that  Verizon  and  AT&T  are  bigger  than  your 
company,  they  have  greater  access  to  capital 
(and  more  favorable  terms).  So  your  best  bet 
is  to  have  the  carriers  assume  the  capital  costs 
for  the  gear,  so  your  company  can  conserve  its 
resources.  Finally  make  sure  you  give  yourself 
plenty  of  “outs” —  opportunities  to  exit  the 
contract  without  termination  penalties. 

The  bottom  line?  No  need  to  panic,  but  it’s 
wise  to  keep  the  financial  situation  in  mind 
when  negotiating  contracts. 

Johnson  is  president  and  senior  founding 
partner  at  Nemertes  Research,  an  independent 
technology  research  firm.  She  can  be  reached 
at  johna@nemertes.com. 


EYE  ON  THE 

CARRIERS 

Johna  Till  Johnson 


Next-generation  WAN  services 
event 

Enterprises  face  an  increasingly  compli¬ 
cated  network-services  landscape. 
Today’s  Ethernet  options  offer  new 
managed  services,  greater  simplicity, 
higher  bandwidth  and  reduced  costs. 
Learn  more  at  IT  Roadmap:  Washington, 
D.C.,  on  Dec.  16.  Qualify  to  attend  free: 

www.nwdocfinder.com/6822 
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Modular  data  centers  catching  on 

But  experts  question  energy  efficiency  claim 

BY  JON  BRODKIN 

Interest  in  modular  data  centers  is  growing,  fueled  by  high-profile 
endorsements  from  Microsoft  and  Google.  But  the  model  raises  new 
management  concerns,  and  efficiency  claims  may  be  exaggerated. 


Modular,  containerized  data  centers  being 
sold  by  vendors  such  as  IBM,  Sun  and  Rack- 
able  Systems  fit  storage  and  hundreds, some¬ 
times  thousands  of  servers  into  one  large 
shipping  container  with  its  own  cooling  sys¬ 
tem.  Microsoft,  using  Rackable  containers,  is 
building  a  data  center  outside  Chicago  with 
more  than  150  containerized  data  centers, 
each  holding  1,000  to  2,000  servers.  Google, 
not  to  be  outdone,  secured  a  patent  last  year 
for  a  modular  data  center  that  includes  “an 
intermodal  shipping  container  and  comput¬ 
ing  systems  mounted  within  the  container’ 

To  hear  some  people  tell  it,  containerized 
data  centers  are  far  easier  to  set  up  than  a 
traditional  data  center,  easy  to  manage  and 
more  power-efficient.  It  should  also  be  easier 
to  secure  permits,  depending  on  local  build¬ 
ing  regulations.  Who  wouldn’t  want  one? 

If  a  business  has  a  choice  between  buying 
a  shipping  container  full  of  servers,  and 
building  a  data  center  from  the  ground  up, 
it’s  a  no-brainer,  says  Geoffrey  Noer,  a  vice 
president  at  Rackable,  which  sells  the  ICE 
Cube  Modular  Data  Center. 

“We  don’t  believe  there’s  a  good  reason  to 
go  the  traditional  route  the  vast  majority  of 


the  time,”  he  says. 

But  that  is  not  the  consensus  view  by  any 
stretch  of  the  imagination.  Claims  about  effi¬ 
ciency  are  over-rated,  according  to  some 
observers. 

Even  IBM,  which  offers  the  Pbrtable  Modu¬ 
lar  Data  Center  and  calls  the  container  part 
of  its  green  strategy  says  the  same  efficiency 
can  be  achieved  within  the  four  walls  of  a 
normal  building. 

IBM  touts  a  “modular”  approach  to  data 
center  construction,  taking  advantage  of 
standardized  designs  and  predefined  com¬ 
ponents,  but  that  doesn’t  have  to  be  in  a  con¬ 
tainer.  “We’re  a  huge  supporter  of  modular. 
We’re  a  limited  supporter  of  container-based 
data  centers,”  says  Steve  Sams,  vice  president 
of  IBM  Global  Technology  Services. 

Containers  are  efficient  because  they  pack 
lots  of  servers  into  a  small  space,  and  use 
standardized  designs  with  modular  compo¬ 
nents,  he  says.  But  you  can  deploy  storage 
and  servers  with  the  same  level  of  density 
inside  a  building,  he  notes. 

Container  vendors  often  tout  40%  to  80% 
savings  on  cooling  costs.  But  according  to 
Sams, “in  almost  all  cases  they’re  comparing 


a  highly  dense  [container]  to  a  low-density 
[traditional  data  center] .” 

Containers  also  eliminate  one  scalability 
advantage  related  to  cooling  found  in  tra¬ 
ditional  data  centers,  according  to  Sams. 
Just  as  it’s  more  efficient  to  cool  an  apart¬ 
ment  complex  with  100  living  units  than  it 
is  to  cool  100  separate  houses,  it’s  more 
cost-effective  to  cool  a  huge  data  center 
than  many  small  ones,  he  says.  Air  condi¬ 
tioning  systems  for  containerized  data  cen¬ 
ters  are  locked  inside,  just  like  the  servers 
and  storage,  making  true  scalability  impos¬ 
sible  to  achieve,  he  notes. 

Gartner  analyst  Rakesh  Kumar  says  it  will 
take  a  bit  of  creative  marketing  for  vendors 
to  convince  customers  that  containers  are 
inherently  more  efficient  than  regular  data 
centers.  Gartner  is  still  analyzing  the  data, 
but  as  of  now  Kumar  says,  “I  don’t  think 
energy  consumption  will  necessarily  be  an 
advantage.” 

Finding  buyers 

That  doesn’t  mean  there  aren’t  any  advan¬ 
tages,  however.  A  container  can  be  up  and 
running  within  two  or  three  months,  elim¬ 
inating  lengthy  building  and  permitting 
times.  But  if  you  need  an  instant  boost  in 
capacity  why  not  just  go  to  a  hosting  pro¬ 
vider,  Kumar  asks. 

“We  don’t  think  it’s  going  to  become  a 
mainstream  solution,”  he  says.  “We’re  strug¬ 
gling  to  find  real  benefits.” 

Kumar  sees  the  containers  being  more 
suited  to  Internet-based,  “hyper-scale"  com¬ 
panies  such  as  Google,  Amazon  and  Micro¬ 
soft.  Containerized  data  centers  offer  scala¬ 
bility  in  big  chunks,  if  you’re  willing  to  buy 
more  containers.  But  they  don’t  offer  scala¬ 
bility  inside  each  container,  once  it  has  been 
filled,  he  says. 

Container  vendors  tout  various  benefits,  of 
course.  Each  container  is  almost  fully  self- 
contained,  Rackable’s  Noer  says.  Chilled 
water,  power  and  networking  are  the  only 
things  from  the  outside  world  that  must  be 
connected  to  each  one,  he  says.  Rackable 
containers,  which  can  be  fitted  with  as  many 
as  22,400  processing  cores  in  2,800  servers, 
are  water-tight,  fitted  with  locks,  alarms  and 
LoJack-like  tracking  units.  Sun’s  Modular 
Data  Center  can  survive  an  earthquake  — 
the  company  made  sure  of  that  by  testing  it 
on  one  of  the  world’s  largest  shake  tables  at 
the  University  of  California  in  San  Diego. 

A  fully  equipped  Rackable  ICE  Cube  costs 

See  Data  center,  page  28 


Rackable  Systems’  ICE  Cube  portable  data  center  can  be  fitted  with  as  many 
as  22,400  processing  cores  in  2,800  servers. 
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COMPANY:  Network  Instruments® 

OVERVIEW:  Network  Instruments®  is  the  industry-leading 
developer  of  distributed  and  affordable  network  manage¬ 
ment,  analysis  and  troubleshooting  solutions. The  award¬ 
winning  Observer®  family  of  products  provides  integrated 
monitoring  and  management  for  the  entire  network. 

CHALLENGE:  Central  DuPage  Hospital,  the  second 
busiest  surgical  center  in  Illinois,  recently  implemented 
several  major  initiatives  including  a  significant  VoIP  deploy¬ 
ment,  telemetry  patient  monitoring  system,  and  a  Comput¬ 
erized  Physician  Order  Entry  (CPOE)  system. 

Central  DuPage  lacked  adeguate  tools  to  manage  network, 
application,  and  connectivity  issues  associated  with  a  recent 
VoIP  implementation  and  expansion  of  critical  network 
applications. 

SOLUTION:  Central  DuPage  used  Observer®  Expert  to 
conduct  network  assessments  and  benchmark  performance 
before  implementing  VoIP.  Observer  remains  crucial  in  moni¬ 
toring  VoIP  phones  and  wireless  communications  between 
doctors,  nurses,  hospital  staff,  and  patients. 

"We  didn't  have  adeguate  analysis  tools  to  manage  network, 
application,  or  connectivity  issues,"  said  Jack  King,  director 
of  IT.  "We  were  in  the  middle  of  a  significant  VoIP  deploy¬ 
ment  and  had  plans  for  implementing  other  critical 
applications.  We  needed  an  analyzer  to  monitor  and  main¬ 
tain  performance." 

They  used  Observer  Expert  to  conduct  network  assessments, 
ensuring  a  successful  VoIP  deployment. 

"Network  Instruments  provides  us  complete  visibility  into 
everything  on  our  network," said  King.  "Visibility  is  critical  for 
us  being  able  to  quickly  identify  and  troubleshoot  issues 
before  they  impact  performance.  Locating  problem  causes 
without  Observer  Expert  would  be  like  trying  to  find 
a  needle  in  a  haystack  in  the  dark." 

For  more  information  on  Network  Instruments,  Observer, 
or  to  download  a  product  demo,  visit  our  website  or  give 
us  a  call. 
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Data  center 

continued  from  page  24 

several  million  dollars,  mostly  for  the  servers  themselves,  Noer  says.The 
container  pays  for  itself  with  lower  electricity  costs  as  the  result  of  an 
innovative  Rackable  design  that  maximizes  server  density,  Noer  says. 

But  it’s  still  too  early  to  tell  whether  containerized  data  centers  are  the 
way  of  the  future.“We  re  just  at  the  cusp  of  broad  adoption,”  Noer  says. 

Potential  use  cases  for  containers  include  disaster  recovery  remote 
locations  such  as  military  bases, or  big  IT  hosting  companies  that  would 
prefer  not  to  build  brick-and-mortar  data  centers,  Kumar  says. 

A  TV  crew  that  follows  sporting  events  may  want  a  mobile  data  cen¬ 
ter,  says  Robert  Bunger,  director  of  business  development  for  American 
Power  Conversion.  APC  doesn’t  sell  its  portable  data  center,  but  in  2004 
it  built  one  into  a  tractor-trailer  as  a  proof-of-concept.  It  was  resilient. 
“We  pulled  that  trailer  all  over  the  country”  for  demos,  Bunger  notes. 

But  APC  isn’t  seeing  much  demand, except  in  limited  cases.  For  exam¬ 
ple,  a  business  that  needs  an  immediate  capacity  upgrade  but  is  also 
planning  to  move  its  data  center  in  a  year  might  want  a  container 

because  it  would  be  easier 
to  move  than  individual 
servers  and  storage  boxes. 

UC-San  Diego  bought  two 
of  Sun’s  Modular  Data 
Centers.  One  goal  is  to  con¬ 
tain  the  cost  of  storing  and 
processing  rapidly  increas¬ 
ing  amounts  of  data,  says 
Tom  DeFanti,  principal  in¬ 
vestigator  of  the  school’s 
GreenLight  energy  efficien¬ 
cy  research  project.  But  it 
will  take  time  to  see 
whether  the  container 
approach  is  more  efficient. 
“The  whole  idea  is  to  create 
an  experiment  to  see  if  we 
can  get  more  work  per 
watts,”  DeFanti  says. 

The  Modular  Data  Center 
is  not  as  convenient  to  maintain  as  a  regular  computer  room,  because 
there  is  so  little  space  to  maneuver  inside,  he  says.  But  “it  seems  to  me 
to  be  an  extremely  well-designed  and  thought-out  system,”  DeFanti  says. 
“It  gives  us  a  way  of  dealing  with  the  exploding  amount  of  scientific 
computing  that  we  need  to  do.” 

Beware  vendor  lock-in 

Before  purchasing  a  containerized  data  center,  corporations  should 
consider  several  issues  related  to  their  manageability  and  usefulness. 
Vendors  often  want  you  to  fill  the  containers  with  only  their  servers, 
Kumar  notes.  Besides  limiting  flexibility  at  the  time  of  purchase,  this 
raises  the  question  of  what  happens  when  those  servers  reach  end-of- 
life.  Will  you  need  the  vendor  to  rip  out  the  servers  and  put  new  ones 
in,  once  again  limiting  your  choice  of  technology? 

“At  the  moment,  most  vendors  will  fill  their  containers  only  with  their 
servers,”  Kumar  says. 

IBM,  however,  says  it  uses  industry-standard  racks  in  its  portable  data 
center,  allowing  customers  to  buy  whatever  technology  they  like. 
DeFanti  says  Sun’s  Modular  Data  Center  allows  him  the  flexibility  to  buy 
a  heterogeneous  mix  of  servers  and  storage.  Rackable,  though,  steers 
customers  toward  either  its  own  servers  or  IBM  BladeCenter  machines 
through  a  partnership  with  IBM. 

“Vendors  are  learning  that  people  want  more  flexibility  DeFanti  says. 

Another  consideration  is  failover  capabilities,  says  Lee  Kirby,  who  pro¬ 
vides  site  assessments,  data  center  designs  and  other  services  as  the 
general  manager  of  Lee  Technologies.  If  one  container  goes  down,  its 
work  must  be  transferred  to  another.  Server  virtualization  will  help  pro¬ 
vide  this  failover  capability, ,  and  also  make  it  easier  to  manage  distrib¬ 
uted  containerized  data  centers  -  an  important  consideration  for  cus¬ 
tomers  who  want  to  distribute  computing  power  and  have  it  reside  as 
close  to  users  as  possible,  Kirby  says..  ■ 


IBM  uses  industry-standard  racks 
in  its  Portable  Modular  Data 
Center  so  customers  can  install 
gear  from  multiple  vendors. 
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TECH  UPDATE 

An  inside  look  at  technologies  and  standards 

Anatomy  of  a  SQL-iqjection  attack 


BY  RYAN  BARNETT 

While  there  are  a  number  of  security  risks  in  the  world  of  e-commerce, 
SQL  injection  is  one  of  the  most  common  Web-site  attack  techniques 
used  to  steal  such  customer  data  or  destroy  data  outright. 


A  database’s  native  tongue  is  Structured 
Query  Language  (SQL),  which  is  essentially  a 
set  of  command  statements  that  instruct  a  data¬ 
base  to  execute  actions.  Every  database  server 
has  a  similar  series  of  commands  to  query  its 
tables,  narrow  down  results  to  a  few  specific 
entries,  and  combine  information  from  one 
table  to  another. 

Here  is  an  example  SQL  query: 

SELECT  *  FROM  users  WHERE  Email  =  + 

Email  +‘“  AND  Password  =‘“  +  Password  +‘“; 

The  WHERE  specifies  a  condition,  that  an  e- 
mail  address  and  password  combination 
match  data  present  in  the  “users”  table.  When 
this  command  is  given  to  the  database  server 
it  returns  a  true  if  a  match  is  found  and  a  false 
if  there  is  no  match. 

When  clients  send  data  on  the  Web,  they  use 
URLs  and  forms  to  assemble  the  query  state¬ 
ments.  The  following  URL  is  an  example  of  a 
logon  page  for  a  Web  application: 

GET  /shopping_cart/login.asp?Email=jdoe 
@example.com&Password=$ecret  123 
HTTP/ 1.1 

This  URL  shows  that  the  destination  applica¬ 
tion  is  a  Microsoft  ASP  page  and  it  is  accepting 
two  parameters,  one  called  “Email”  and  the 
other  called  “Password.”  If  the  user  credentials 
are  correct,  the  result  of  this  query  will  provide 
response  data  that  represents  a  successful 
authentication  and  will  be  used  to  allow  the 
client  to  proceed  to  the  Web  page. 

Developers  of  traditional  application  code 
believe  database  queries  come  from  a  trusted 
source,  the  database  server  itself,  rather  than  an 
untrusted  user’s  Web  browser.  SQL  injection  is 
an  attack  technique  where  an  untrusted  user 
inserts  SQL  query  data  into  input  fields  sent  to 
back-end  databases  to  trick  the  database  into 
executing  the  commands  (see  graphic). 

The  Web-application  firewall  in  the  example 
was  configured  in  a  detection-only  mode, 
where  it  was  logging  alerts  and  events  but  not 
blocking  any  inbound  attacks  or  outbound 
data  leaks.  Because  of  this  configuration,  the 
inbound  SQL-injection  attack  was  allowed  to 
continue  on  to  the  vulnerable  Web  application. 

The  Web  page  returned  indicates  that  the 
SQL-injection  reconnaissance  probe  was  suc¬ 
cessful  (see  graphic), and  gave  the  hacker  valu¬ 
able  information,  including  the  exact  version 
of  the  database  and  the  database  user.  Armed 
with  this  information,  the  attacker  can  attain 
more  information  about  the  database  itself, 


such  as  the  table  and  column  names.  After  a 
number  of  intermediary  reconnaissance 
probes,  the  attacker  has  the  information  need¬ 
ed  to  send  a  complex  SQL-injection  attack  in 
an  attempt  to  extract  customer-record  details. 

Criminals  once  had  a  tough  time  creating 
programs  that  could  mass-exploit  Web  applica¬ 
tions  because  most  sites  ran  custom-coded  ap- 
plications.In  early  2007, the  game  changed  with 
the  emergence  of  mass  SQL-injection  bots. 
These  programs  use  a  complex  SQL  script  to 
inject  generic  data  into  vulnerable  sites  without 
previous  knowledge  of  the  database  structure. 
They  use  multiple  SQL  commands  to  create  a 
script  that  uses  database  features  to  gather,  then 
loop  through,  table  names  and  append  mali¬ 
cious  JavaScript  that  points  to  malware  on  a 
third-party  site.  The  injected  JavaScript  is  used 
dynamically  within  the  HTML  page  presented 
to  clients,  and  attempts  to  exploit  Web-browser 
vulnerabilities  to  install  a  back  door. 

The  Open  Web  Application  Security  Project 
Top  10  list  includes  excellent  guidelines  for 
mitigating  injection-type  attacks,  including: 

•  Input  validation:  Use  a  standard  input- 
validation  mechanism  to  validate  all  input 
data  for  length,  type,  syntax  and  business 
rules  before  accepting  the  data  to  be  dis¬ 
played  or  stored;  use  an  “accept  known 
good”  validation  strategy.  Reject  invalid 
input  rather  than  attempting  to  sanitize 
potentially  hostile  data. 

•  Database  configuration:  Use  strongly  typed, 
parameterized  query  APIs  with  place-holder 
substitution  markers,  even  when  calling  stored 
procedures;  amd  enforce  least  privilege  when 
connecting  to  databases  and  other  back-end 
systems.  Use  stored  procedures  carefully: 
Although  they  generally  are  safe  from  SQL 
injection,  they  can  be  injected  via  the  use  of 
execO  or  concatenating  arguments  within  the 
stored  procedure.  Do  not  use  such  dynamic 
query  interfaces  as  mysql_queryO- 

•  Avoid  detailed  error  messages.  These  are 
useful  to  an  attacker.  SQL  injection  is  the  most 
widely  used  attack  vector  for  profession 
cyberthieves,  but  defense-in-depth  security 
measures  —  proper  database  configuration, 
secure  coding  within  the  Web  application  and 
deployment  of  a  Web-application  firewall  — 
are  extremely  effective  mitigation  strategies. 

Barnett  is  director  of  application  security  at 
Breach  Security  (www.breach.com). 


Real  multistep  SQL- 
injection  attack 

A  real-world  multistep  SQL- 
injection  attack  captured  during 
incident  response. 

Figure  1.  The  first  query 

a  GET  /shopping_cart/login.asp? 

Emaii='%20or%201=convert(int,(select% 

Q  20@@version%2b'/’%2b@@servemame% 
2b’/'%2bdb_name()%2b,/'%2bsystem_user)) 

0  --sppassword  HTTP/1.1 

1. The  attacker  is  targeting  an  ASP  log  on 
page  and  injecting  SQL  into  the  e-mail 
parameter. 

2.  the  SQL  query  is  attempting  to  access 

global  and  local  database  variables,  such 
as  the  server  name. _ _ 

3. The  attacker  is  attempting  to  evade 
database  audit-logging  facilities  by 
appending  the  "--sp_password”  string, 
which  tricks  the  database  into  not  logging 
the  transaction. 

Figure  2.  The  attack  succeeds 

Q  HTTP/1.1  500  Internal  Server  Error 

Content-Length:  598  Content-Type:  text/html 
Cache-control:  private  Set-Cookie: 
ASPSESSiON!DCCQCSRDQ=EHEPiKBBB 
FLOFIFOBPCJDBGP;  path=/  Connection:  close 
<font  face-'Aria!"  size=2> 

<p>Microsoft  OLE  DB  Provider  for  ODBC 
Drivers</font>  <font  face="Aria!"  size=2>error 
'80G40e07’</font> 

<p> 

0  <font  face- ' Anal"  size=2>[Microsoft][ODBC 
SQL  Server  Driver][SQL  Server]Syntax  error 
converting  the  nvarchar  value  'Microsoft  SQL 
Server  2000  -  8.00.2039  (Intel  X86)  May  3 
2005  23:18:38  Copyright  (c)  1988-2003 
Microsoft  Corporation  Standard  Edition  on 
0  Windows  NT  5.2  (Build  3790:  Service  Pack 
1)/SHOPSQUOPT/OPTUSER'  to  a  column  of 
data  type  int  </font> 

<P> 

<font  face="Arial" 

size=2>/shopping_cart/login.asp</font><font 
face- ’Arial"  size=2>,  line  49</font> 

1. This  transaction  generated  an  HTTP 
response-status  code  of  500,  which 
indicates  an  error  occurred. 

2. The  HTML  in  the  response-body  payload 
includes  text  that  was  generated  by  the 
back-end  database. 

3. The  database  error  message  dynamically 
included  the  successful  results  from  the 
inbound  SQL-injected  query. 
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For  a  trusted  approach  to  problem  resolution  rely  on  the  Network  Instruments®  GigaStor™ 
appliance.  Everything  is  recorded — every  packet,  every  protocol,  every  transaction  for 
hours,  days,  even  weeks.  The  unique  GigaStor  interface  provides  an  effective  way  to  go 
back  in  time  to  determine  not  only  when  the  application  went  down  but  why. 

Resolve  intermittent  problems,  track  compliance  efforts,  isolate  VoIP  quality  issues, 
and  more  on  the  most  complex  WAN,  Gigabit,  and  1 0  GbE  networks.  Find  out  how  you 
can  turn  back  the  clock  with  the  GigaStor.  After  all,  your  network  history  shouldn't  be  a 
thing  of  the  past. 

|®  GigaStor:  Get  proof.  Take  action.  Move  forward. 


NETWORK* 

INSTRNMENTS 


Learn  more  about  GigaStor.  800-526-5958 

www.Networklnstruments.com/TimeTravel 


2007  Network  Instruments,  LLC.  All  rights  reserved.  GigaStor,  Network  Instruments,  and  all  associated  logos  are  trademarks  or  registered  trademarks  of  Network  Instruments,  LLC. 


Backup  DVDs  that  find  your  photos 

H 


ere’s  a  neat  idea:Verbatim  has  launched  a 
backup  system  for  photos  that  is  embed¬ 
ded  on  Recordable  DVDs.  The  product, 
called  PhotoSave  DVD,  is  for  Windows  2000,  XP 
and  Vista. 

GEARHEAD  Here’s  how  it  works.  When  you  put  a 

— -  „  . ,,  PhotoSave  DVD  in  a  drive  that  has  autoplay 

Mark  blDDS  enabled,  the  PhotoSave  application  stored  on 

the  DVD  is  launched.  If  you  are  wary  of  autoplay 
as  1  am, you’ll  have  to  launch  the  application  manually.As  PhotoSave  is 
only  1.79MB  it  runs  almost  immediately  on  most  systems. 

Once  loaded  PhotoSave  scans  your  drives  and  figures  out  how  many 
image  files  you  have  and  how  much  storage  will  be  needed.You  can  let 
the  program  do  its  stuff  or  manually  select  what  is  to  be  backed  up. 
Verbatim  claims  that  PhotoSave  recognizes  more  than  80  image  file  for¬ 
mats,  but  I  can’t  find  a  list  of  these  formats  anywhere. 

What  was  remarkable  was  how  fast  PhotoSave  finds  images  —  less 
than  about  15  seconds  to  find  6,392  images  totaling  10.9GB  on  a  two- 
drive,  1.8GHz  P4  Windows  XP  Professional  system  with  a  total  of  183GB 
of  used  disk  space.This  makes  me  wonder  how  PhotoSave  can  do  that 
task  so  fast  when  the  same  operation  would  take  Windows  Explorer  at 
least  15  minutes  to  do.  Anyone?  Microsoft? 

The  first  time  I  tried  to  perform  a  backup  PhotoSave  reported  it  would 
require  three  discs  to  back  up  all  the  images  I  found  —  no  problem,  the 
disks  come  in  three  packs  so  1  told  it  to  do  its  thing. 

I  came  back  an  hour  later  and  PhotoSave  reported  that  operation  had 
been  cancelled  but  I  have  no  idea  why  When  I  restarted  the  application 
it  said  a  data-recording  session  had  been  saved  on  the  DVD  but  it 
showed  no  files.You’d  think  that  an  empty  session  would  be  handled  a 
little  more  skillfully  because  there’s  a  limit  of  three  sessions  per  disk.  I 


did  get  the  PhotoSave  system  to  work  on  the  next  try  and  everything 
went  fine  the  second  time  around. 

The  things  I’d  fault  PhotoSave  on  are  no  support  for  OS  X  or  Linux,  no 
incremental  backup  and  no  file  recovery  service  (you  have  to  go  to  the 
disks  and  find  the  files  you  want  to  recover). 

Another  issue  is  PhotoSave’s  ugly  behavior  when  you  cancel  an  oper¬ 
ation.  For  example,  if  you  cancel  a  backup  you  get  spurious  warnings 
about  missing  files,  or  PhotoSave  creates  a  backup  of  the  files  found  up 
to  the  moment  you  cancelled,  which  wastes  a  session.  Gentlemen  of 
Verbatim,  “cancel”  means  stop  what  you’re  doing,  not  go  ahead  with 
whatever  you’ve  got  even  if  it’s  not  what  I  want. 

All  that  not  withstanding,  this  is  an  interesting  idea  for  your  users  who 
need  to  do  backups  where  you  aren’t  in  a  position  to  manage  it  for 
them  —  for  example,  field  workers  using  digital  cameras  and  working 
with  images  on  laptops.  As  these  discs  are  write-only  there’s  a  good 
chance  your  users  won’t  wipe  out  their  backups. 

A  nice  idea  and  definitely  useful,  but  limited  and  a  little  unpolished.  I’ll 
give  PhotoSave  3  out  of  5.  A  three  pack  of  PhotoSave  disks  costs  $9.99. 

Finally  a  follow-up  from  reader  Glen  Klitz  who  came  across  my 
columns  about  the  mysterious  surge  in  deferred  procedure  calls  that 
my  Windows  XP  system  experienced.  Glen  is  seeing  exactly  the  same 
problem  on  a  white  box  with  a  1 .53GHz  Athelon  XP1800  with  608MB  of 
RAM  running  Windows  XP  SP3  OEM  (I  had  a  1.8GHz  Pentium  with  1GB 
of  RAM  running  Windows  XP  Professional  SP2). 

As  I  told  Glen,  I  never  found  the  cause  and  the  problem  went  away  as 
mysteriously  as  it  had  arrived.  I’m  still  waiting  for  one  of  you  geniuses  to 
pull  the  rabbit  from  the  hat  on  this  one. 

Gibbs  thinks  tricks  are  for  techs  in  Ventura,  Calif.  Serialize  your  thoughts 
to  gearhead@gibbs.com. 


Accessing  HD  content  from  anywhere 


COOLTOOLS 


The  scoop:  Slingbox  Pro-HD,  by  Sling  Media, 
about  $300. 

What  it  is:  Like  the  original  Slingbox,  the  new 
high-definition  version  is  a  small  appliance  that 
connects  to  your  TV  and  home  network  to  let 
you  stream  TV  content  across  the  LAN  or  the 
Internet. With  the  included  SlingPlayer  software, 
you  can  watch  a  Boston  Red  Sox  game  on  your 
laptop  when  you’re  in  a  San  Francisco  hotel 
room,  for  example. The  new  Slingbox  version  takes  advantage  of  set-top 
boxes  with  high-definition  content,  allowing  you  to  stream  those  chan¬ 
nels  across  the  LAN  and  Internet  also.  With  multi-  . . . . . 

pie  connection  options  (composite,  S-Video  or 
component  video  inputs),  the  device  can  stream 
video  from  several  sources,  including  a  cable  set¬ 
top  box  (basic  or  high-definition),  a  digital  video 
recorder,  Apple  TV  DVD  Player,  satellite  receiver  or 
a  video  security  camera. 

Why  it’s  cool:  The  new  box  and  SlingPlayer  soft¬ 
ware  improves  video  quality  when  streaming  con¬ 
tent,  and  a  live  video  buffer  lets  you  pause,  rewind 
or  fast  forward  up  to  60  minutes  of  content,  creat¬ 
ing  a  DVR-like  experience.  A  very  colorful  TV  list¬ 
ings  guide  and  the  SlingRemote  feature  looks 
and  acts  just  like  your  real  remote  control  sit¬ 
ting  at  home,  making  it  extremely  easy  to 
change  channels.  A  very  nice  optimization 
feature  detects  your  network  settings  and  |m 
adjusts  the  bandwidth  stream  for  the  best 
available  video  and  audio.  On  the  home 
LAN, I  was  able  to  get  up  to  6Mbps  of  band- 
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width  streaming  at  times,  making  for  a  very  nice  in-home  experience  — 
for  example,  being  able  to  watch  TV  in  a  home  office  on  the  laptop 
where  no  TV  connection  exists. 

Some  caveats:  The  biggest  downside  is  the  limitations  of  your  broad¬ 
band  connection.  Most  broadband  connections  offer  lots  of  download 
bandwidth  (my  system  offers  6Mbps  downloads  at  times)  but  very  lim¬ 
ited  upload  bandwidth  (I’m  lucky  if  I  get  more  than  500Kbps).  Sling 
Media  suggests  that  the  best  viewing  experience  comes  with  more  than 
800Kbps  upload,  with  “better”  ranging  from  400K  to  800Kbps,  and  “good” 
between  256K  and  400Kbps.  In  testing  with  my  400K  to  500Kbps  con¬ 
nection,  the  high-definition  content  is  nearly  impossible  to  view  remote¬ 
ly;  you  get  a  smaller  screen  and  resolution.  That 
criticism  may  be  moot  —  when  you’re  remote  and 
watching  a  game,  just  watching  the  game  is  good 
enough. 

Another  issue:  If  your  router  isn’t  located  near 
the  Slingbox  (where  you  can  run  an  Ethernet 
cable),  connecting  involves  trying  to  use  a  pow¬ 
erline  bridge  or  a  wireless  Ethernet  bridge.  In  test¬ 
ing,  I  tried  two  separate  adapters,  and  had  trouble 
with  in-home  streaming.  Then  I  turned  to  the 
SlingLink  Turbo  (a  $150  four-port  unit  near  the 
Slingbox  and  an  $80  one-port  unit  next  to  my 
router)  powerline  adapters.  Once  these  were 
connected,  my  streaming  flew  —  it  was  worth 
the  extra  cost. 

Grade:  3  stars  (better  if  you  have  great 
upload  speeds  at  home). 


_ 


The  Slingbox  Pro-HD  and  SlingPlayer  software 
let  you  watch  HD  TV  on  your  laptop. 


Shaw  can  be  reached  at  kshaw@nww. 


com. 
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Four  steps  to  application 


Survey  shows  that  following  best  practices  for  application  performance 
management  is  key  to  boosting  app  effectiveness 


BY  PETER  SEVCIK  AND  REBECCA  WETZEL,  NETFORECAST 

application-performance  manage¬ 
ment  is  about  people  and  process. 
Many  companies  start  down  the  APM  path  by 
investing  in  management  products  and  stop  there. 
NetForecasts  research,  however,  shows  the  biggest 
performance  bang  for  the  buck  comes  from  invest¬ 
ing  in  people  who  implement  APM  best  practices. 

NetForecast  recently  completed  a  benchmarking  survey 
of  300  enterprises  and  their  APM  practices  and  results. 
Here’s  what  we  found: 

•  Enterprises  investing  the  most  in  good  practices  more 
than  double  application-performance  effectiveness  com¬ 
pared  with  those  investing  the  least. 

•  In  particular,  such  enterprises  experience  a  more  than 
300%  improvement  in  their  ability  to  solve  problems  quick¬ 
ly,  and  a  nearly  150%  improvement  in  their  ability  to  learn 
about  problems  proactively  rather  than  through  user  com¬ 
plaints.  In  addition,  they  are  twice  as  likely  as  those  invest¬ 
ing  the  least  to  assess  response  times  favorably  for  their 
important  applications. 

•  This  year’s  results  show  a  10%  overall  improvement  in 
benchmark  scores  compared  with  last  year,  indicating  that 
enterprises  are  doing  a  better  job  of  implementing  best 
practices. 

•  In  addition,  ITIL’s  IT  Service  Management  (ITSM)  frame¬ 
work  is  gaining  popularity,  while  the  FCAPS  (standing  for 
fault, configuration,  accounting,  performance  and  security) 
framework  is  on  its  way  out. 

Four  steps  to  APM  best  practices  and  benchmarking 

When  all  is  said  and  done,  what  matters  is  how  users 
experience  an  application:  Can  they  reach  it, 
and  once  there,  can  they  remain  produc¬ 
tive?  Good  APM  optimizes  application 
availability  and  response  time,  and  best 
practices  help  make  that  happen. 

Best  practices  harness  human  behavior, 
education,  relationships  and  communica¬ 
tion  to  understand,  measure  and  communicate 
about  application  performance  —  as  well  as  to  link  this 
performance  to  the  business. These  best  practices  must  be 
embedded  into  a  continuous  improvement  process  that 
ensures  application  performance  meets  your  business 
needs. 
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Application  performance  management  best  practices  are  on  the  rise 

Survey  results  show  that  the  median  benchmark  score  (which  tallies  how  well  companies  are 
deploying  best  practices)  increased  by  10%  overall  between  2007  and  2008.The  median  score 
is  still  5  out  of  10,  meaning  there’s  plenty  of  room  for  improvement. 


This  process  begins  by  understanding 
your  users’ and  application  needs,  gathering 
(and  measuring)  relevant  performance 
data,  and  reporting  (or  communicating) 
that  data  in  understandable  form  to  the 
right  people. 

The  reports  serve  as  input  for  IT  and  busi¬ 
ness  groups  to  collectively  determine  what 
measurements  and  thresholds  best  support 
the  business. 

Here  are  the  four  best  practices  and  some 
examples  of  what  they  entail: 

1.  Understand: 

•  Define  which  technical  parameters  are 
important. 

•  Establish  which  applications  are  mission 
critical. 

•  Document  this  information  and 
distribute  it  throughout  the  organization. 

2.  Measure: 

•  Measure  the  important  technical 
parameters  already  defined. 

•  Track  those  measurements  over  time. 

•  Set  critical  thresholds. 

•  Automate  data  gathering  and 
correlation. 

3.  Report: 

•  Submit  relevant  performance  reports 
regularly  to  management. 

•  Communicate  important  measurement 
information  throughout  the  enterprise 
(along  with  any  necessary  explanations 

about  what  it  means  and  how  it  should  be 
used). 

4.  Link: 

•  Work  with  business  managers  to  ensure 
that  monitored  applications  are  business 
critical. 

•  Establish  business-relevant  performance 
targets  and  application-level  service- 
level  agreements. 

•  Meet  periodically  with  business  man¬ 
agers  to  review  these  targets  and  SLAs. 

Benchmarking  these  best  practices  lets 


you  assess  your  progress.  A  benchmark 
score  shows  on  a  numerical  scale  how  well 
you  are  implementing  best  practices,  which 
can  be  compared  with  the  industry  norm 
and  with  those  who  are  executing  well  and 
achieving  best  results. 

Survey  results:  continuous  improvement 

This  year’s  survey  of  300  enterprises  is  the 
second  APM  benchmarking  survey 
NetForecast  has  completed  —  the  first  was 
in  February  2007. 

We  analyzed  each  respondent’s  answers 
to  formulate  an  APM  benchmark  score  for 
each  of  the  four  best  practices  using  a  10- 
point  scale,  with  10  the  best  score  (highly 
organized  and  formal  approach)  and  0  the 
poorest  (no  attempt  to  perform  the  func¬ 


tion).  We  then  aggregated  the  four  individ¬ 
ual  best-practice  benchmark  scores  into  an 
overall  best-practice  score  for  each  enter¬ 
prise. 

The  graphic  at  left  shows  the  overall  APM 
benchmark-score  distribution  across  the 
survey  population.  This  year’s  median 
benchmark  score  for  all  enterprises  sur¬ 
veyed  is  5  — smack  in  the  middle  of  the  10- 
point  scale.  Three  enterprises  achieved 
benchmark  scores  above  9,  and  two 
received  scores  below  1. 

This  year’s  median  score  is  a  10%  improve¬ 
ment  compared  with  the  results  from  our 
February  2007  survey,  which  showed  a 
median  of  4. 

In  addition,  this  year’s  smooth,  bell-shaped 
distribution  around  the  median  is  better 
than  last  year’s  curved  distribution,  which 
bulged  asymmetrically  toward  poorer 
scores. This  change  indicates  that  APM  prac¬ 
tices  are  getting  better  overall. 

Diving  into  the  individual  best-practice 
elements,  reporting  scored  the  highest 
marks,  followed  by  understanding,  linking 
and  measuring. 

Comparing  this  year’s  scores  to  last  year, 
the  biggest  improvements  are  in  reporting 
and  linking,  which  showed  40%  improve¬ 
ments. The  median  score  for  understanding 
application  performance  improved  30%, 
while  the  median  score  for  measurement 
best  practices  remained  essentially  un¬ 
changed.  These  results  point  to  process 
improvement  over  the  past  year. 

So,  APM  practices  improved  over  the  past 
year.  But  how  does  that  translate  into 
results? 

Higher  benchmark  scores  equal  better 
performance 

The  survey  results  show  extremely  positive 
correlations  between  best-practices  bench¬ 
mark  scores  and  actual  application- 

See  Applications,  page  35 
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performance  delivered  to  the  business. 

The  graphic  on  the  previous  page  illus¬ 
trates  how  dramatic  these  correlations  are. 
On  the  whole,  enterprises  with  excellent 
best  practices  deliver  100%  better  results  to 
their  users  than  those  with  poor  practices. 

Here’s  where  the  rubber  meets  the  road: 
Our  survey  results  show  that  best  practices 
exert  their  most  dramatic  effect  on  reduc¬ 
ing  the  time  it  takes  enterprises  to  solve 
problems,  with  a  338%  score  improvement 
in  problem-resolution  time  among  those 
with  best  practices  compared  with  their 
more  poorly  performing  counterparts. 

The  bulk  of  those  with  poor  benchmark¬ 
ing  scores  describe  their  problem  resolu¬ 
tion  times  as  too  long,  whereas  respondents 
with  high  benchmarking  scores  generally 
describe  problem  resolution  times  as  meet¬ 
ing  or  exceeding  industry  norms. 

Those  with  the  top  best-practices  scores 
were  more  than  twice  as  likely  (144%)  as 
those  with  poor  scores  to  discover  prob¬ 
lems  through  systems  vs.  learning  about 
them  from  users  —  and  they  were  twice  as 
likely  (93%)  to  favorably  assess  the  overall 
response  times  for  important  applications. 
Highest-scoring  respondents  also  were 
more  likely  (70%)  to  assess  the  perform¬ 
ance  of  their  business-critical  applications 
as  meeting  their  business  needs. 

Availability  showed  the  least  improve¬ 
ment  in  effectiveness  from  the  worst-  to  the 
best-performing  enterprises.  This  may  indi¬ 
cate  that  availability  is  relatively  consistent 
across  the  survey  population.  It  may  be  that 
availability  may  be  nearing  as  good  as  it 
can  get. 

ITIL  is  in 

We  asked  survey  participants  whether 
they  have  adopted  or  plan  to  adopt  formal 
frameworks  to  improve  APM.  Sixty-two  per¬ 
cent  of  respondents  have  adopted  or  plan 
to  adopt  the  ITSM  framework,  as  defined  by 
ITIL,  while  24%  have  or  will  adopt  FCAPS,as 
defined  by  ISO. 

There  was  a  hefty  increase  in  the  percent¬ 
age  of  ITSM  adoptees  —  from  54%  in  2007 
to  62%  this  year  —  and  an  even  heftier 
decrease  in  FCAPS  adoption  —  from  46% 
last  year  to  24%  this  year.  The  ITSM  frame¬ 
work  clearly  is  waxing  in  popularity  and  the 
FCAPS  framework  is  on  the  wane. 

Distant  contenders  this  year  are  the 
Object  Management  Group’s  Common 
Object  Request  Broker  Architecture  (5%), 
and  the  Distributed  Management  Task 
Force’s  Common  Information  Model  barely 
on  the  radar  screen  (3%). 

Impediments  to  APM  best  practices 

Finally,  we  asked  enterprises  to  identify 
impediments  to  improving  application  per¬ 
formance  (see  graphic,  this  page). 
Insufficient  cross-group  collaboration,  insuf¬ 
ficient  manpower  and  lack  of  proper  tools 


tie  for  the  top  of  this  year’s  list  of  impedi¬ 
ments,  with  nearly  50%  of  respondents  men¬ 
tioning  them. 

A  second  group  of  impediments  were 
mentioned  by  about  40%  of  respondents  — 
perceived  insufficient  value  for  the  effort 
required,  inadequate  process  and  lack  of 
expertise. 


We  saw  a  15%  increase  compared  with 
last  year  in  respondents  citing  insufficient 
cross-group  collaboration  as  an  impedi¬ 
ment.  We  surmise  that  managing  applica¬ 
tion  performance  requires  more  interde¬ 
partmental  collaboration  than  departments 
have  been  used  to,  and  that  processes  have 
not  been  implemented  that  facilitate  the 
needed  collaboration.  Groups  often  are 
more  accustomed  to  sniping  at  each  other 
about  who  is  at  fault  than  working  together 
to  solve  performance  problems. 

Also  of  interest  is  a  12%  increase  in 
respondents  citing  perceived  insufficient 
value  for  the  effort  required  as  an  impedi¬ 
ment  to  improving  application  perform¬ 
ance.  This  probably  reflects  increasing 
awareness  that  investment  is  needed  in 
APM  facilities  and  process,  yet  convincing 
management  to  spend  is  often  challenging 
because  the  return  on  that  investment  is 
hard  to  quantify. 

Conclusions 

The  NetForecast  survey  results  show  a 
compelling  relationship  between  imple¬ 
menting  best  practices  and  better  enter¬ 
prise  business-application  performance. 
This  indicates  a  worthwhile  ROI  in  the  peo¬ 
ple  and  processes  required  to  improve  a 
company’s  best-practices  benchmark  score. 
Our  data  reveals  that  the  higher  a  compa¬ 
ny’s  benchmark  score  is,  the  better  its  busi¬ 
ness-critical  performance  results  are  likely 
to  be. 


We  also  find  that  enterprises  are  learning 
the  APM  best-practices  ropes  quickly,  with  a 
10%  overall  improvement  in  benchmark 
scores  over  last  year. That  improvement  may 
continue  because  better  application  perfor¬ 
mance  makes  a  business  healthier  and 
users  happier  and  more  productive.  In 
short,  the  NetForecast  study  results  show 


that  implementing  APM  best  practices  is 
well  worth  the  trouble. 

Until  now,  discussion  about  APM  has  cen¬ 
tered  on  products.  As  important  as  products 
are,  it  is  the  people  and  the  processes  that 
make  performance  better.  We  encourage 
enterprises  to  approach  APM  holistically 
and  put  products  in  their  proper  place  with¬ 
in  a  larger  business  and  human-centered 
context. 

Sevcik  is  president  of  NetForecast  and 
founder  of  the  Apdex  Alliance.  He  is  an 
authority  on  measuring,  assessing  and 
improving  the  performance  of  network 
applications.  Sevcik  has  contributed  to  the 
design  of  more  than  1 00  networks,  includ¬ 
ing  the  Internet,  and  to  the  success  of  more 
than  25  application  management  products. 
He  can  be  reached  at 
peter@netforecast.  com. 

Wetzel  is  an  associate  of  NetForecast  and 
a  veteran  of  the  data  networking  industry. 
She  works  with  network  product  vendors 
and  service  providers  to  develop  and  imple¬ 
ment  successful  product  and  marketing 
strategies.  She  can  be  reached  at  rebecca 
@netforecast.  com. 


Visit  our  App  Performance  View  blog  at 
www.nwdocfinder.com/7021  for  more 
findings  from  the  NetForecast  survey. 
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What’s  holding  customers  back? 

The  top  impediments  to  implementing  APM  best  practices  are  lack  of  propertools,  lack  of  manpower 
and  insufficient  cross-group  collaboration. The  results  overtime  show  that  people  and  process 
issues  are  gaining  in  importance,  while  tools  issues  are  falling. 


Lack  of  propertools 
Lack  of  sufficient  manpower 
Insufficient  cross-group  collaboration 
Perceived  insufficient  value  for  the  effort  required 

Inadequate  process 
Lack  of  expertise 
Lack  of  consensus  on  setting  performance  targets  ■ 
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Lack  of  upper-management  buy-in 


■I  2008 
2007 


10%  20%  30%  40%  50% 
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UNIFIED  COMMUNICATIONS  Alere  SugarCRM 


Toward  a  unified  front 

Alere  finds  unified  communications  helps  streamline  operations,  keep  costs 
under  control  and  foster  knowledge-sharing  —  without  regard  for  geography 


BY  PAUL  DESMOND 

Establishing  effective  com¬ 
munications  is  a  chal¬ 
lenge  in  any  company, 
but  it’s  even  more  so  in 
one  created  through  mergers 
and  acquisitions,  such  as  health¬ 
care  services  provider  Alere. 
Bryan  Larrieu,  vice  president  of 
IT  operations,  ended  up  at  Alere 
after  Inverness  Medical  Innova¬ 
tions  acquired  his  employer 
Matria  Healthcare.  Matria 
merged  with  Alere  Medical  and 
ParadigmHealth  last  month  to 
form  the  new  Alere.  Larrieu  s 
organization  now  is  responsible 
for  about  3, 600  employees,  six 
data  centers,  1 5  sites  with  50  or 
more  people,  five  satellite  offices 
and  some  400  teleworkers. 
Unified  communications  tech¬ 
nology  has  helped  Larrieu  cut 
costs,  streamline  communica¬ 
tions  and  generate  cooperative 
thinking. 


Getting  the  right 
people  together  to 
make  decisions  more 
quickly  is  a  big  gain,” 
says  Bryan  Larrieu, 
VPof  ITror  Alere. 


VoIP  is  at  the  heart  of  many  unified  commu¬ 
nications  implementations,  i  imagine  you 
have  a  mix,  given  all  the  mergers. 

I  support  five  platforms  from  Cisco  and 
Avaya.  The  longest  has  been  in  about  seven 
years. We’ve  had  a  Cisco  IPCC  [IP  Contact  Cen¬ 
ter]  platform  for  at  least  five  years  in  one  of  our 


Lila  Tretikov,  CIO 
at  SugarCRM,  says 
the  question  is 
not  whether  you 
should  imple¬ 
ment  unified  communications 
technologies,  but  how. 


legacy  environments,  and  the  Avaya  VoIP  plat¬ 
form  in  another. The  Avaya  will  be  our  platform 
going  forward.  It’s  the  larger  of  the  implemen¬ 
tations  and  is  a  more  current  generation. 

Are  the  400  employees  who  work  remotely 
using  VoIP? 

Yes,  they  have  VoIP  and  full  [computer- 
telephone  integration]  with  our  applications, 
and  instant  messaging  as  well. 

Outline  your  UG  platform. 

Our  primary  platform  is  Microsoft  Office 
Communications  Server  (OCS),  which  allows 
IM  and  video  connectivity  as  well  as  presence. 
We  also  offer  videoconferencing  on  another 
platform,  leveraging  the  same  converged  back¬ 
bone  for  interoffice  communications.  We  also 
use  MOSS  [Microsoft  Office  SharePoint  Server 
2007]  for  collaboration.  That  includes  not  just 
documents,  but  blogs  and  blogging  forums 


where  teams  can  post  information  and  see 
updates  to  questions  and/or  documents.  You 
can  have  a  document  of  record  that  you  don’t 
have  to  pull  down  to  a  local  desktop,  for  exam¬ 
ple  —  changes  can  be  made  right  on 
ShareFbint.With  the  blogs,  we  do  a  lot  of, ‘Does 
anybody  know,  has  anybody  seen,  has  anybody 
heard  about?’  MOSS  also  houses  our  intranet, 
so  corporate  communications  are  posted 
there,  and  some  e-learning  modules. 

What  about  unified  messaging  -  is  it  part 
of  your  VoIP  platforms? 

It  is,  but  we  haven’t  rolled  it  out.  Ultimately, 
when  we  roll  out  Avaya,  there  will  be  shared 
voice  mail  and  five-digit  dialing,  probably  by 
year-end.  In  the  next  six  to  12  months  we’ll 
have  full  voice-mail  integration,  leveraging  the 
Avaya  platform.  You’ll  be  able  to  pull  voice 
mail  from  e-mail  and  even  manage  it  from  a 

See  Larrieu,  page  40 
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The  inefficiency,  complexity  and  rising  energy  costs  of  twentieth-century 
datacenters  simply  can’t  support  the  demands  of  twenty-first-century 
business.  IBM’s  New  Enterprise  Data  Center  is  a  vision  for  IT  that’s  highly 
efficient,  business  driven  and  greener-by-design.  IBM  is  already  working 
with  over  2,000  clients  to  help  make  this  vision  a  reality.  A  greener  world 
starts  with  greener  business.  Greener  business  starts  with  IBM. 

SYSTEMS.  SOFTWARE.  SERVICES.  FOR  A  GREENER  WORLD. 

See  our  Webcast  about  greener  datacenters  at  ibm.com/green/datacenter 
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Companies  spend  millions  of  dollars  on  energy  to  store  their  information.  A  problem  that 
is  only  getting  worse-for  IT  budgets  and  for  the  planet.  IBM  has  a  broad  range  of  information 
management  solutions  to  help  companies  use  their  information  more  strategically  and 
efficiently.  From  deep  data  compression  capabilities  that  reduce  storage  requirements  by 
up  to  80%  to  smart  archiving  that  improves  application  performance,  Information  on  Demand 
helps  companies  extract  real  business  value  from  their  information  without  wasting  money 
and  energy.  A  greener  world  starts  with  greener  business.  Greener  business  starts  with  IBM. 


SYSTEMS.  SOFTWARE.  SERVICES.  FOR  A  GREENER  WORLD. 


Learn  how  to  do  more  with  less.  Get  the  eBook  at  ibm.com/qreen/data 
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UNIFIED  COMMUNICATIONS  Alere  SugarCRM 


Larrieu 

continued  from  page  36 

GUI,  so  you  can  click  on  the  icon  and  play  it 
on  your  desktop,  or  drag  and  drop  a  message 
over  to  another  mailbox. 

It's  interesting  that  you've  had  VoIP  for  that 
long  but  haven't  implemented  unified  mes¬ 
saging  yet.  Why  is  that? 

It’s  been  a  challenge  with  all  the  integrations 
we’ve  done.  Matria  had  done  four  acquisitions 
in  24  months.  Alere  did  three  in  the  last  24 
months.  Every  time  you’re  getting  ready  to  get 
something  figured  out,  you’ve  got  to  bolt  on  a 
new  business.  Priorities  and  investments 
change. 

How  do  your  employees  use  these  unified- 
communications  tools  day-to-day? 

IM  is  huge,  when  you  want  to  quickly  pull  a 
group  together  and  send  out  a  uniform  mes¬ 
sage.  We  also  do  conference  calls  with  partners 
and  customers,  and  IM  allows  us  to  share 
thoughts  among  ourselves  outside  of  the  call. 
Our  developers  also  use  IM  to  share  lines  of 
code. They’ll  go  into  OCS  and  send  a  piece  of 
code  that  can  be  used  for  testing  right  on  the 
spot,  or  put  it  up  for  review  in  the  forum,  or  col¬ 
laborate  on  the  code  right  there.  So,  that  kind  of 
efficiency  is  a  huge  gain  for  us. 

How  are  you  using  video? 

To  save  on  travel.  We’re  on  the  front  end  of 
our  video  implementation.  We  have  at  least 
one  conference  room  in  every  site,  and  we’re 
starting  to  push  it  to  the  desktop.  We’re  proba¬ 


bly  5%  to  10%  into  the  implementation, starting 
with  IT,  both  operations  and  development. 

How  are  you  using  blogs? 

We  have  a  couple  of  architects  who  every 
Friday  morning  send  out  a  blog  on  various  top¬ 
ics,  whether  it’s  architecture,  an  application,  an 
infrastructure  play  or  software-as-a-service.  It 
stimulates  thought  about  how  we’re  looking  at 
new  technologies  and  how  we  can  implement 
or  integrate  them.You  get  a  broad  perspective 
because  we’re  marrying  several  development 
teams  because  of  all  the  integration  activity 

Was  that  kind  of  thought  stimulation  hap¬ 
pening  at  all  before? 

No,  it  wasn’t.  It  came  about  when  we  were 
looking  at  how  best  to  leverage  ShareFbint 
Services.  We  knew  that  HR  and  operations 
each  wanted  a  portal  to  share  in  formation.  We 
[in  IT]  wanted  to  share  reports  up  the  chain 
regarding  our  metrics.  And  someone  said,  you 
know, we  could  use  this  as  a  portal  for  ideation. 
It  was  just  something  that  got  born  as  we  were 
looking  at  some  of  the  tools  within  the  tools. 

How  about  presence  technology  -  is  it 
changing  life  for  employees? 

Let’s  say  I’m  using  workflow  to  route  a  docu¬ 
ment.  I  can  tell  whether  you’re  in  or  out  of  the 
office  based  upon  your  icon.  If  you’re  not  there, 
I’ll  send  the  document  around  you  to  the  next 
person  in  the  approval  chain.  If  I  know  you’re 
on  vacation  because  you’ve  posted  that  on 
your  IM  icon, then  I’m  not  waiting  for  an  e-mail 
from  you.  It  allows  us  to  keep  things  flowing. 

Also,  in  any  contact  center,  you  have  skills- 


based  routing.  If  you’re  fielding  a  call  from  a 
customer  and  you  don’t  have  a  certain  skill  set 
to  take  them  to  the  next  level,  you  can  look 
within  the  group  to  see  if  an  agent  with  the 
appropriate  skills  is  available.  That's  probably 
the  biggest  win  we’ve  gotten  out  of  presence. 

And  these  people  can  be  anywhere,  such  as 
nurses  who  work  out  of  their  homes? 

There  is  no  way  for  you  to  tell  whether  I’m  at 
home,  in  my  car  or  in  my  office. 

What  about  the  400  people  who  work  at 
home  or  in  satellite  offices?  What  do  these 
tools  mean  to  them? 

It  allows  me  to  find  talent  in  other  geograph¬ 
ical  regions  and  be  able  to  communicate  with 
them,  both  inbound  and  outbound,  to  affect 
our  mission.That’s  a  huge  upside,  being  able  to 
tap  resources  outside  your  geographical 
region. The  other  part  is,  it’s  a  morale  booster  if 
I  can  tell  a  person, you  can  work  from  home  a 
couple  of  days  a  week  so  you  don’t  have  to  sit 
in  traffic. 

How  did  you  get  buy-in  for  these  tools?  What 
was  the  business  case? 

Cost  avoidance.  We  brought  it  to  the  business 
as  an  opportunity  and  got  immediate  buy-in. 
Our  assessments  have  changed  greatly 
because  the  original  numbers  didn’t  have  the 
three  new  companies  bolted  together.  So,  the 
math  is  still  good,  but  it’s  a  larger  number. 
Originally,  for  telecom  we  realized  about 
$1.2  million  in  savings  just  from  collapsing  our 
voice  and  data  onto  one  backbone. 

Once  you  implement  UC  tools,  how  do  you 
get  people  to  use  them? 

Instant  messaging  took  no  time  to  do. Video- 
conferencing  was  kind  of  a  mandate.  We  went 
to  HR  and  the  executive  team  and  said, ‘we 
have  a  way  to  reduce  travel  costs’  They  chal¬ 
lenged  employees,  asking  them  if  meetings 
could  be  done  via  video  vs.  getting  on  a  plane. 
So,  we  got  executive  support  on  the  video 
piece,  and  that’s  big  in  terms  of  getting  people 
to  use  it.  But  we  also  had  people  trying  to  get 
more  out  of  their  resources  to  become  more 
productive.  So,  they  were  kind  of  a  natural 
migratory  path.  And  most  of  us  have  kids  who 
IM,and  we’re  trying  to  keep  up  with  them.  My 
kids  told  me  e-mail  was  old  hat. 

How  would  you  say  unified  communications 
has  affected  decision-making? 

It’s  greatly  improved  it,  because  now  I  can 
quickly  bring  together  all  the  people  whom  I 
need  to  make  the  decision.  And  I  can  do  it  via 
video  if  I  so  choose  or  set  up  a  chat.  So,  getting 
the  right  people  together  to  make  decisions 
more  quickly  is  a  big  gain. 

What  has  surprised  you  the  most  about 
your  unified  communications  deployment9 

The  [high]  quality  of  the  voice  and  the  video 
calls  going  across  the  wide  area,  even  over  a 
large  number  of  miles. 


Getting  Personal:  Bryan  Larrieu 


Title: 

Vice  president  of  IT  operations 

Organization: 

Alere 

Responsibilities: 

Engineering  and  operations  responsibility  for  data  center, 
LAN,  WAN,  telephony,  computing  resources,  security  and 
backup.  Operations  responsibility  for  database,  applications, 
disaster-recovery  and  business-continuity  planning,  intranet 
and  Internet 
connectivity. 

Annual  IT  budget: 

$10  million+ 

Number  of  IT  staff: 

87 

Education: 

BA  Math/Computer  Science, Talladega  College 

Previous  jobs: 

Vice  president  for  network,  telecommunications  and  sys¬ 
tems  security  at  CheckFree 

First  PC: 

Apple  lie 

Home  network: 

“Wireless  network  supporting  three  desktop  and  two  laptop 
PCs,  with  2T  NAS  and  3M  DSL  service  plus  integrated 
Windows  Media  Center  Extender  with  Xbox." 

First  internet 
experience: 

"Using  a  9.6-baud  modem  to  FTP  files  among  a  group  of 
friends  and  thinking  how  cool  it  was  to  be  able  to  transfer 
files  without  having  to  use  720k  floppies.” 

Words  to  live  by: 

We  are  what  we  continually  do. 

40  •  OCTOBER  13,  2008  *  www.networkworld.com 


UNIFIED  COMMUNICATIONS  Alere  SugarCRM 


Sweet  communications 

Open  source  software  purveyor  SugarCRM  practices  what  it  preaches,  using 
a  set  of  open  communications  tools  as  the  foundation  of  company  —  and 
customer  —  communications 


BY  PAUL  DESMOND 

The  question  is  not 
whether  you  should 
implement  unified  com¬ 
munications  technologies 
when  your  company  is  in  the 
open  source  community  and 
full  of  employees  fresh  from  col¬ 
lege  who  would  rather  instant- 
message  than  make  a  phone 
call.  The  question  is  how,  says 
Lila  Tretikov,  CIO  at  SugarCRM, 
an  open  source  software  com¬ 
pany  founded  in  2004.  The  com¬ 
pany  ties  multiple  unified  com¬ 
munications  packages  into  its 
own  relationship  management 
platform  to  enable  effective 
communications  among  its 
workforce  of  150  employees  — 
at  least  25%  of  them  remote  — 
and  a  development  group  in 
Shanghai,  China,  as  well  as  cus¬ 
tomers  and  the  extended  open 
source  community. 

What  are  some  of  the  tools  you  use  that 
play  into  unified  communications? 

We  have  our  own  plug-in  for  VoIP  phones, 
called  Sugar  Phones,  for  our  CRM  system, 
which  is  what  the  company  runs  on. The  CRM 
system  is  not  just  for  sales,  it’s  a  tool  to  keep 
people,  management  and  communications  in 
sync  across  the  organization.  Everyone  in  the 
company  uses  the  Sugar  platform  for  whatever 
they  need  to  do,  whether  it’s  HR  or  support, 
sales  or  finance.  On  top  of  that  there’s  the 
phone,  IM  and  e-mail  all  plugged  in. Those  are 
the  dominant  ones,  and  then  there  are  infra¬ 
structure  pieces,  such  as  VPN. 

Is  your  VoIP  platform  open  source? 

The  VoIP  server  is  built  on  top  of  Digium 
[which  developed  the  Asterisk  open  source 
telephony  platform]  .We  use  the  supported  ver¬ 


sion.  We  get  voice  mail  by  e-mail,  as  part  of  the 
VoIP  server  setup.  We  have  a  converged  net¬ 
work  going  into  headquarters,  with  all  voice, 
data  and  video  going  over  fiber,  all  IP 

What  about  presence  capabilities? 

Calendars  plug  into  Sugar’s  own  software, 
and  you  can  use  Outlook  or  whatever  client 
you’re  comfortable  with.  So,  you  can  see  if 
somebody’s  in  a  meeting,  and  over  IM  you  can 
also  see  whether  someone  is  available  or  not. 
Today  everyone  uses  Yahoo  IM.That  is  going  to 
change  in  the  next  little  while  to  an  internally 
hosted  solution.  We’re  not  sure  which  one  yet. 

Do  you  also  use  online  meeting  tools? 

Our  biggest  installation  is  [Citrix  Systems’] 
GoToMeeting,  but  some  people  use  others  for 
specific  reasons.  So,  we  use  [Cisco’s]  WebEx 


RICHARD  MORGENSTEIN 

and  some  Dimdim,  for  really  simple  things  — 
the  open  source  version  of  Dimdim  that  has 
video,  audio  and  everything  else  built  in. 

How  does  all  of  this  play  out  in  practice? 

Let’s  start  with  the  meeting  tools.  They  are 
mostly  used  by  sales  engineers  and  the  sales 
department,  who  use  desktop-sharing  and 
presentation-sharing  software.  More  often  than 
not,  especially  for  initial  meetings,  it’s  very  sat¬ 
isfactory.  They  can  take  the  customer  along, 
doing  a  presentation  completely  virtually  We 
also  set  up  a  lot  of  training  Webinars  that  we 
publish  on  the  Web.  Some  are  live,  some  prere¬ 
corded.  In  terms  of  educating  and  early  sales 
education,  that  is  invaluable  for  us.  And  we  use 
it  internally  to  communicate  with  remote  em¬ 
ployees.  When  engineering  has  meetings  with 

See  Tretikov,  page  44 
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Getting  Personal 

Title: 

Lila  Tretikov 

Organization: 

SuqarCRM 

Responsibilities: 

Data  center  operations,  internal  IT  administration,  internal  oper¬ 
ations,  some  R&D. 

Annual  IT  budget: 

About  $1  million,  not  including  salaries. 

Number  of  IT  staff: 

14 

Education: 

Degree  from  Lomonosov  Moscow  State  University;  computer 
science  research  on  computational  complexity  theory  at 

University  of  California  at  Berkeley. 

Previous  jobs: 

Applications  and  creative  director  for  Bank  of  America; 

Engineering  director  at  Telespree,  working  on  network  applica¬ 
tions  for  Sprint/Nextel;  Application  architect  for  Human  Genome 
Project  at  Lawrence  Berkeley  National  Laboratory. 

First  PC: 

IBM  lntel-8088-based  PC. 

Home  network: 

Wireless  network  with  three  desktops,  one  of  which  is  a  server, 
and  three  laptops. 

First  Internet 
experience: 

Probably  communicating  with  friends  out  of  a  Unix  shell  window, 
chatting. 

Words  to  live  by: 

Change  is  the  only  constant. 

Tretikov 
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China,  they  use  VoIP  communications  and 
video  to  communicate  with  them.  We  have  a 
room  with  a  big  flat-screen  TV  so  people  can 
see  each  other  —  a  virtual  office. We  use  Skype 
for  video,  and  the  environment  is  set  up  so  you 
don’t  have  to  use  your  own  computer. 

1M  is  also  used  constantly.That’s  probably  our 
primary  method  of  communication  before  we 
pick  up  the  phone  or  anything  else.  So,  people 
who  are  in  the  same  or  similar  time  zones  tend 
to  use  1M,  and  people  who  are  in  different 
hemispheres  use  email  or  schedule  meetings 
using  a  virtual  office  environment. 

Larger  companies  sometimes  have  issues 
getting  people  to  use  these  tools.  Did  you 
face  any  of  that? 

Not  at  all. It’s  an  open  source  companyso  that 
type  of  communication  is  built  into  the  DNA  of 
the  business.  It’s  almost  harder  to  get  people  to 
use  more  traditional  forms  of  communication, 
rather  than  the  other  way  around.  I  have  peo¬ 
ple  on  my  team  who  will  update  what  they’re 
working  on  using  Twitter.  I’ll  get  Twitter  updates, 
saying  part  of  my  team  is  working  on  this, 
another  part  is  working  on  that. 

Gan  you  speak  to  what  these  tools  have 
meant  to  the  company  as  opposed  to  buying 
off-the-shelf  software? 

We  do  have  off-the-shelf  software,  but  Sugar 
has  always  been  a  lean, mean  kind  of  machine. 
And  a  lot  of  our  company  is  young,  just  coming 
out  of  college,  so  these  are  the  tools  they’re 
used  to.  We  don’t  see  any  need  to  stifle  that.  If 
they’re  productive  with  them,  why  not  let  them 
continue  to  use  them?  In  our  experience  peo¬ 
ple  are  happier  having  that  freedom.  Pro¬ 
ductivity  is  high  because  people  are  happy 
with  them,  they  use  them  and  they’re  extremely 
immediate.  You  can  send  an  e-mail  and  if  the 
email  doesn’t  get  a  response,  you  can  use  IM 
or  chat.  If  you  go  on  an  IRC  [Internet  Relay 
Chat]  channel,  you  can  find  multiple  people 
who  can  answer  your  question. 

How  is  IRC  used? 

Think  of  it  as  a  chat  room.  It’s  used  for  inter¬ 
nal  teams  and  external  developers.  Whenever 
someone  from  the  community  comes  in  and 
asks  a  question,  anyone  within  the  company 
can  see  the  question  and  respond  to  it.  And  for 
developers  who  have  tons  of  people  using 
Sugar  in,  let’s  say  Europe,  IRC  is  much  more 
convenient  than  other  mediums. 

Is  there  anything  that  has  not  worked 
too  well  with  respect  to  your  unified- 
communications  efforts? 

The  problem  I  see  the  most  is  that  there  are 
tons  of  tools  out  there  but  they’re  not  linked 
in  together  very  well. They’re  just  not  mature 
enough  where  you  have  a  complete  commu¬ 
nications  console.  It’s  a  trade-off.  If  you  look 
at  Gmail,  [Google  has]  some  things  inte¬ 
grated  there. The  problem  is,  you  have  to  use 


Gmail.  If  you  want  to  host  your  e-mail  in- 
house,  there’s  no  option  for  that.  Microsoft 
with  its  latest  [Office  Communications 
Server]  is  more  like  a  complete  console,  but 
it  doesn’t  have  everything  that  we  use. 
Microsoft  has  an  in-house  e-mail  option,  but 
the  way  Microsoft  technologies  work  is,  a  lot 
of  times  once  you  get  one  [tool]  and  it  per¬ 
colates  and  everything  else  has  to  be  hooked 
in,  and  the  product  is  also  proprietary. 

So,  what  I’m  looking  for,  and  we’re  getting 
there  pretty  quickly  is  a  unified  console  where 
all  of  your  communications  are  tied  in,  and 
your  relationship  system  as  well.  So,  you  have 
your  phone,  chat,  SMS  client  and  e-mail,  all 
within  the  same  visibility  frame.  And  there’s 
intelligence  around  it,  so  if  the  same  person 
calls  and  emails  you,  all  of  that  is  tied  in  to¬ 
gether.  If  someone  is  emailing  you,  the  system 
might  already  know  this  is  an  important  con¬ 
tact,  based  on  your  response  rate,  and  it  will 
highlight  it  for  you  or  display  it  larger.lt  also  will 
tie  in  all  of  the  other  communications  you’ve 
had  with  that  person.  A  lot  of  times  CRM  does 
that,  but  the  hooks  need  to  be  there  either  with¬ 
in  the  CRM  system  or  within  the  communica¬ 
tions  panel  itself. 

What  are  some  of  the  challenges  in  provid¬ 
ing  proper  security  when  you're  using  all 
these  tools? 

Good  encryption  is  one.  Today  most  of  the 
time  you  have  to  install  something  specific  for 
a  particular  client  and  both  parties  have  to 
have  it;  there’s  no  de  facto  standard.  With  our 
internal  users,  for  remote  users  we  use  a  VPN, 
so  the  channels  are  encrypted.  With  partners 
and  customers,  usually  it’s  not  particularly  sen¬ 
sitive  data,  typically  just  demos  or  presenta¬ 
tions.  If  you’re  going  to  be  communicating  any 


kind  of  private  data,  we  require  you  encrypt 
your  communication  channels. You  download 
software,  PGP  for  example,  for  chat.  E-mail  just 
goes  over  SSL  and  phone  calls  go  over  the  VPN. 

What  would  you  say  are  the  keys  to  rolling 
out  the  same  sorts  of  unifiefcommunica- 
tions  tools  on  a  larger  scale? 

With  larger  companies  you  need  to  have  a 
clear  strategy  If  you  look  at  a  company  like 
Google,  they  have  a  bottom-up  approach.They 
allow  their  users  to  do  whatever  they  want  in 
their  particular  group,  more  or  less.  Those  peo¬ 
ple  who  want  to  use  Twitter  for  their  communi¬ 
cations,  they  can.  Larger  companies  I’ve 
worked  for,  like  [Bank  of  America] ,  you’re  just 
not  going  to  have  access  to  those  sites  [like 
Twitter]  because  they  block  them  for  security 
purposes.  In  an  environment  like  that, you  have 
to  have  a  very  clear  strategy  because  you  can’t 
allow  grass-roots  mechanisms.  And  that  means 
you  have  to  go  figure  out,  is  Microsoft 
Communicator  sufficient  for  my  needs  or  do  I 
need  something  else?  If  I  need  something  else, 
am  I  going  to  do  a  hodgepodge?  How  do  I  con¬ 
nect  those  technologies? 

Is  there  any  way  to  gauge  the  productivity 
gains  you're  getting? 

It’s  really  hard  to  tell,  but  my  guess  is  that  we 
get  gains  because  it’s  just  so  much  easier  to 
communicate  while  you’re  doing  other  things. 
For  me,  it’s  probably  about  a  30%  gain.  I’m 
pretty  decent  at  multitasking,  so  I  can  parallel¬ 
ize  a  lot.  It  ultimately  depends  on  the  person. 

Desmond  is  events  editor  for  Network  World 
and  president  of  PDEdit,  an  IT  publishing  com¬ 
pany  in  Southborough,  Mass.  Reach  him  at 
paul@pdedit.  com. 
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the  campus  Xythos  Software  online-docu¬ 
ment  management  system.  Since  deploying 
Xythos  in  the  spring  of  2008,  ACU  has  been 
building  applications  on  top  of  it,  including  a 
class-folder  system:  For  each  class,  teachers 
can  add  a  syllabus,  a  spreadsheet,  PDF  files, 
video  clips,  podcasts,  all  accessible  by  iPhone 
from  wherever  there  is  wireless  access. 

ACU  created  a  bundle  of  Web-based  mobile 
applications,  rather  than  make  use  of  Apple’s 
software  developers  kit.  That  gives  the  school 
the  option  of  making  use  of  other  devices  in 
the  future,  possibly  a  touch-based  Android 
phone,  running  a  full  mobile-Web  browser, 
such  as  Firefox  for  Mobile,  now  in  develop¬ 
ment.  These  new  mobile  applications  —  and 
others,  such  as  Google  Apps  for  Education,  a 
suite  of  e-mail  and  other  cloud-based  services 
—  are  all  accessible  as  soon  as  users  complete 
their  logon  authentication. 

One  group  of  ACU  applications  heavily  used 
by  Davis  during  her  first  week  or  so  on  campus 
is  called  mymobile.“You  click  on  the  tab  and  it 
tells  you  the  classes  you’re  enrolled  in,  where 
they  are,  the  professor’s  name;  and  [gives  you] 
a  3-D  map  of  the  campus,”  she  says.  “That  was 
really  really  helpful  to  find  your  way  around.” 

Part  of  mymobile  is  what  ACU  calls  NANO 
tools,  for  “no  advanced  notice.”  These  are  a  set 
of  interactive  quizzes, polls  and  other  programs 
for  class  use.  Davis  says  her  Bible  class  profes¬ 
sor  is  constantly  doing  in-class,  online  polls  of 
the  students,  who  select  answers  via  the 
device’s  Safari  Web  browser.“lt’s  really  neat:You 
can  see  the  results  changing,”  she  says. 

A  second  tab  is  ACUmobile,  which  has  cam¬ 
pus  calendars,  events  and  photos  taken  by  stu¬ 
dents.  A  third  tab,  pocketguide,  contains  infor¬ 
mation  about  the  city  of  Abilene:  places  to  eat, 
bands,  coffee  shops  and  the  like. 

The  devices  are  constantly  in  use,  not  just  in 
class  but  across  the  campus,  apparently  mak¬ 
ing  it  easier  and  faster  for  students  to  find  and 
develop  their  own  place  in  the  campus  com¬ 
munity.  One  of  the  first  applications  Davis 
downloaded  from  Apple’s  App  Store  was  the 
Facebook  application,  where  she  has  her  own 
profile  and  networks  of  family,  friends  and 
classmates.  “I’m  always  logged  in,  and  it’s  just 
like  being  on  my  computer”  she  says. 

Davis  keeps  in  touch  with  nearly  all  of  them, 
sending  and  receiving  200  to  300  text  messages 
a  day  That  was  one  of  the  two  problems  she  en¬ 
countered  with  her  iPhone:  shifting  from  being 
a  texting  speed-freak  with  her  old  Samsung 
Wafer  phone  on  Alltel’s  network  to  the  iPhone’s 
virtual  keyboard.Tm  as  fast  as  I  used  to  be,  but 
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now  I  do  have  to  look  at  the  keypad  "she  says. 

The  other  problem  was  draining  her  iPhone 
battery  which  happened  almost  daily  to  start 
with,  until  she  shut  off  the  3G  connection  while 
on  campus  and  relied  on  ACU’s  just-upgraded 
Alcatel-Lucent  Wi-Fi  network  (the  vendor  has 
an  OEM  arrangement  with  Aruba  Networks  for 
wireless  LAN  [WLAN]  equipment).  When  it 
learned  of  the  school’s  plans,  AT&T,  the 
iPhone’s  sole  U.S.  carrier,  upgraded  the  campus 
area  with  3G  base  stations.  ACU  says  3G  perfor¬ 
mance  is  consistently  about  900Kbps  com¬ 
pared  with  AT&T’s  EDGE  network  at  300K  to 
400Kbps. 

“If  I  didn’t  have  my  iPhone,  I  would  feel  like  1 
was  out  of  the  loop,”  Davis  says. 

iPhone  sparks  mobility  pilot 

The  range  of  Davis’  uses  and  her  constant 
reliance  on  the  device  are  evidence  to  ACU 
IT,  faculty  and  administrators  that  the  univer¬ 
sity’s  bet  on  developing  an  ultra-mobile  plat¬ 
form  for  campus  life  is  paying  off.  A  few  years 
ago,  the  school  evaluated  the  costs  and  ben¬ 
efits  of  equipping  each  student  with  a  note¬ 
book,  says  CIO  Kevin  Roberts.  The  PCs  were 
still  bulky  and  expensive,  however,  with 
“abysmal”  battery  life;  and  ACU  discovered 
95%  of  its  students  were  showing  up  with 
some  kind  of  PC  of  their  own. 

Eighteen  months  ago,  hearing  rumors  of  the 
impending  iPhone  launch,  ACU  faculty  and  IT 
staff  brainstormed  about  how  a  wireless,  hand¬ 
held  device,  with  a  full  Web  browser  and  sup¬ 
port  for  voice,  could  impact  student  learning 
and  life.“We’re  connected  today  in  ways  we 
couldn’t  even  dream  of  10  years  ago,”  Roberts 
says. “But  our  classes  look  very  similar  to  the 
classes  of  100  or  even  200  years  ago. Why  not 
meet  the  students  where  they  are  today  using 
the  tools  they  already  have  to  leverage  the  edu¬ 
cation  process?” 

When  iPhone  was  released,  the  school 
bought  nearly  two  dozen  to  test.  By  December 
2007,  campus  officials  decided  they  had  what 
they  needed. 

Well,  almost. The  university  decided  to  focus 
on  just  the  incoming  freshmen,  rather  than  try 


to  equip  and  support  all  nearly  4,000  under¬ 
grads.  Even  so,  IT  staff  realized  the  campus  Wi¬ 
Fi  network  had  not  been  designed  to  support  a 
fully  and  constantly  connected  population. “As 
I  thought  this  through,  I  realized  these  [hand¬ 
helds]  were  wireless-only  devices,  and  much 
better  positioned  than  laptops  for  doing  all 
kinds  of  things  like  quick  lookups,”  says  Arthur 
Brant,  ACU’s  director  of  networking  services. 
“That  meant  these  devices  would  be  used  a  lot 
more  than  laptops.” 

That  meant  redesigning  the  WLAN  for 
capacity  Brant  says.  In  record  time,  the  cam¬ 
pus  network  was  completely  overhauled, 
jumping  from  176  access  points  to  500; 
another  130  or  so  are  scheduled  for  deploy¬ 
ment  in  summer  2009.  The  goal  was  to  give 
1Mbps  to  each  user,  Brant  says.  One  key  part 
of  this  rollout  was  extensive  signal  and  per¬ 
formance  testing  to  make  sure  the  WLAN 
was  delivering  that  performance. 

The  access  points  support  802.1  la/b/g, 
though  the  Apple  handhelds  run  only  on 
802.1  lg  in  the  2.4GHz  band,  posing  some 
tough  challenges  in  large  lecture  halls  with  lots 
of  students.  The  first  time  300  students  in  a 
Bible  class  tried  to  connect  in  a  lecture  hall 
with  four  access  points,  not  one  succeeded. 
There  are  now  12  access  points,  with  power  lev¬ 
els  adjusted  and  channel  plans  in  place  to  sup¬ 
port  such  use. 

ACU  is  working  now  to  configure  wireless 
laptops  to  select  802.1  la  automatically  shifting 
clients  from  the  crowded  2.4GHz  band  to  the 
much  less  crowded  5GHz  band. 

Traffic  and  usage  data  specifically  from  the 
iPhone  and  iPod  Touch  users  is  sketchy  right 
now.  Brant  says  there  has  been  a  150%  increase 
in  the  number  of  registered  devices  on  the  net¬ 
work  compared  with  last  year,  and  they’re  not 
all  Apple  devices:  There’s  been  a  jump  in  Wi-Fi 
or  dual-mode  Windows  Mobile  and  Black- 
Berry  devices  also. 

Internet  bandwidth  use  is  up  sharply  also. 
Typically  it  takes  about  three  months  at  the  start 
of  the  academic  year  to  max  out  ACU’s  Internet 
connection,  currently  peaking  at  80Mbps.  This 
year,  it  took  only  six  weeks.  ■ 
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Errant  e-mail  to  me  will  cost  you 


If  you  get  stopped  by  a  cop  for  breaking  the 
speed  limit  and  you  contend  you  didn’t 
know  the  limit,  you’ll  still  get  a  ticket 
because  ignorance  of  the  law  is  no  excuse. 
When  it  comes  to  technology  the  same  rule 
applies  —  you  don’t  get  a  pass  simply  because 
you  don’t  understand  it. 

For  example,  have  you  ever  sent  e-mail  to  a 
domain  you  weren’t  exactly  sure  of?  Maybe  the 
intended  recipient  gave  you  an  e-mail  address  over  the  phone  or  you 
used  one  from  memory 

1  have  a  “catch-all”  address  in  my  domain  for  e-mail  that  isn’t  destined 
for  a  names  account,  and  every  day  about  100  people  in  the  wide  elec¬ 
tronic  world  assumes  their  recipient  is  at  gibbs.com  when  what  they 
really  want  is  something  like  gibbscam.com  or  gibbswire.com. 

When  1  have  time  and  can  determine  who  the  recipient  was  sup¬ 
posed  to  be  and  can  be  bothered,  I’ll  be  nice  and  resend  them.  Usually 
however,  the  rest  of  the  messages  just  sit  in  the  catchall  folder  until  I 
delete  them  every  couple  of  months. What’s  interesting  is  how  many 
messages  come  with  dire  warnings  such  as: 

“This  message  is  intended  solely  for  the  use  of  the  individual  and 
entity  to  whom  it  is  addressed,  and  may  contain  information  that  is 
privileged,  confidential  and  exempt  from  disclosure  under  applicable 
state  and  federal  laws.  If  you  are  not  the  addressee,  or  are  not  autho¬ 
rized  to  receive  for  the  intended  addressee,  you  are  hereby  notified 
that  you  may  not  use,  copy,  distribute,  or  disclose  to  anyone  this  mes¬ 
sage  or  the  information  contained  herein.  If  you  have  received  this 
message  in  error,  immediately  advise  the  sender  by  reply  e-mail  and 
destroy  this  message.” 

You  see  this  on  just  about  every  other  e-mail  and  it  looks  serious,  but 


is  it  really?  It  says  clearly  you  shouldn’t  do  anything  with  the  message 
contents  or  you’ll  be  really  sorry 

That’s  ridiculous  because  if  the  contents  were  that  important  and  you 
weren’t  certain  where  they  might  wind  up  (which  is  what  your  notice 
implies),  then  no  amount  of  threatening  words  can  prevent  damage 
from  a  recipient  with  malicious  or  larcenous  intent. 

So,  let’s  say  you  misaddress  e-mail  about  some  financial  matters  that 
shouldn’t  be  made  public  and  it  winds  up  in  my  catch-all  account.  I 
could  pass  on  the  message  to  anyone  I  please  and  there’s  no  way  you 
can  prove  I  ever  received  it  or  acted  on  it  for  two  reasons. 

First, you,  a  priori,  confessed  in  your  warning  that  you  are  a  clueless 
noob  so  it  could  have  gone  anywhere.  Second,  even  if  you  could  get  a 
search  warrant  to  forensically  examine  my  systems  you  wouldn’t  find 
anything.  And  even  if  you  could  “prove”  from  your  server  logs  that  my 
mail  server  received  it  from  your  server,  you  couldn’t  prove  I’d  read  it 
before  it  was  deleted  and  purged. 

But  back  to  the  demand  that  the  sender  be  notified:  Little  do  these 
noobs  know  that  I  am  about  to  charge  $100  to  notify  them  that  they’ve 
screwed  up  and  I  will  require,  in  writing  and  delivered  by  registered 
mail,  a  notarized  affidavit  confirming  they  were  indeed  the  sender 
before  I  will  delete  their  message.  A  cashier’s  check  must  accompany 
the  affidavit.  In  fact,  I  might  automate  the  process  and  arrange  for  all 
catch-all  messages  that  are  not  claimed  and  paid  for  to  be  automatical¬ 
ly  posted  publicly  on  my  Web  site. This  could  be,  as  we  say  in  England, 
a  nice  little  earner. 

If  you  screw  up  and  send  e-mail  to  me  rather  than  who  you  meant  to 
send  it  to,  prepare  to  pay  Ignorance  of  the  law  is  no  excuse  and  neither 
is  ignorance  of  technology 

Gibbs  can  be  reached  at  backspin@gibbs.com. 


BACKSPIN 


Mark  Gibbs 


Verizon  exposes  the  wrong  e-mail  addresses 


NETBUZZ 

News,  Insights,  oddities 


This  should  be  a  vendor’s  first  rule  when 
inviting  1,200  IT  pros  to  a  seminar  about 
securing  data  and  protecting  personal 
information:  Make  sure  you  protect  the  per¬ 
sonal  information  of  the  1,200  pros  you’re 
trying  to  impress. 

How  did  Verizon  do  in  that  regard  last 
Tuesday?  It  failed  miserably 
David  Williams,  technology  coordinator  for  a 
Texas  school  district,  alerted  me  to  the  situa¬ 
tion  because  he  had  read  my  recent  Buzzblog  post  — “Run-amok 
Verizon  robo-caller  torments  1,400  customers” —  which  recounted  the 
nine  phone  calls  in  24  hours  that  were  received  at  my  house. 

“I  had  something  similar  occur  today’Williams  wrote.“In  a  period  of 
three  hours  I  received  14  emails  promoting  Verizon’s ‘Secure  the 
Information.  Secure  the  Infrastructure’ webinar  series,  and  three  emails 
promoting  their ‘2008  Data  Breach  Investigations  Report  Road  Show?” 
The  excessive  volume  of  e-mail  wasn’t  the  half  of  it,  though. 
“Considering  their  content  [about  data-breach  seminars], I  thought 
it  very  humorous  that  the  To:  field  of  the  emails  contained  over  1,200 
email  addresses:  17  emails  times  1,200  addresses  equals  more  than 
20,000  chances  for  leaks.” 

Williams  did  more  than  chuckle,  though,  he  tried  to  help  by  forward¬ 
ing  to  the  Verizon  sender  a  pair  of  online  essays  — “Sins  of  The  Inter¬ 
net:  Not  Using  Bcc,”and,“Use  BCC  field  when  addressing  mass  mail.” 

Wrote  the  miscreant  in  reply:“I  apologize  for  the  inconvenience  and 
lapse  in  judgment  by  not  using  the  BCC  field.” 

Contrition,  however,  failed  to  stem  the  flow  of  seminar  invitations. 
“You’ve  got  to  be  kidding,”  he  wrote  to  the  Verizon  guy  shortly  there- 
after.“I  have  received  seven  more  duplicates  after  this  response.” 
Verizon  again:“We  [are]  having  issues  with  our  [Microsoft] 


Exchange  server,  and  I  am  working  with  our  help  desk  to  correct  the 
problem.  I  apologize  for  the  inconvenience.” 

Verizon’s  “Secure  the  Information”  lecture  series  includes  a  segment 
called, “Are  you  prepared  for  data  loss?”  I  presume  that’s  where  the 
company  will  be  covering  the  art  of  the  apology. 

Comic  xkcd  betters  the  ‘Net ...  yet  again 

The  influence  of  the  Web  comic  xkcd  apparently  knows  no  bounds: 
It  has  now  spawned  a  new  and  potentially  game-changing  feature  on 
YouTube.  In  a  recent  xkcd  strip,  comic  creator  Randall  Monroe  sug¬ 
gested  that  YouTube  users  might  leave  fewer  stupid  comments  if  they 
first  heard  their  words  read  back  to  them  out  loud. 

Recognizing  a  good  idea  when  one  is  offered  up  for  free, YouTube 
developers  went  ahead  and  built  the  feature.  I  tried  it:  Wrote  on  one 
video, “Man,  this  is  lame,”  pressed  the  “audio  preview”  button,  heard  a 
reasonably  audible  rendition  of  the  phrase  read  back  to  me,  thought 
better  of  my  contribution,  and  hit  delete. 

And  it’s  not  the  first  time  xkcd  has  contributed  to  the  betterment  of 
the  Internet.  About  a  year  ago,  researchers  at  the  University  of 
Southern  California  presented  results  from  what  they  called  the  first 
full  “Internet  census”  conducted  in  25  years:  3  billion  pings  directed  at 
2.8  million  Internet  addresses.  From  my  post  about  that  effort: 

“Presenting  the  census  results  graphically  was  a  major  challenge. . . 
The  map  is  arranged  not  in  simple  ascending  numerical  order,  but 
instead  in  a  looping  pattern  called  a  Hilbert  curve,  which  keeps  adja¬ 
cent  addresses  physically  near  each  other,  and  also  makes  it  possible 
to  zoom  seamlessly  in  to  show  greater  detail. The  idea  of  using  a 
Hilbert  curve  actually  came  from  a  web  comic,  xkcd." 

Has  a  comic  strip  creator  ever  won  a  Nobel  Prize? 

Send  your  ideas  for  improving  the  Internet  to  buzz@nww.com. 
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NETWORK  SECURITY  THREATS 


HOW  WELL  IS  YOUR  NETWORK 


The  most  effective  way  to  protect  your  business  is  to  secure  your  endpoints  and  control  access, 
preventing  problems  before  they  arise.  Our  comprehensive  pre-  and  post-admission  control  solution 
takes  you  beyond  visibility  capabilities  to  deliver  proactive  security,  preventing  the  misuse  of 
resources  and  limiting  potential  liabilities. 
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Alcatel-Lucent  User-Centric  Network 
Security  Solutions 


AUTHENTICATION 

O  Control  who  gets  access  to  your 
network:  White-listed  exceptions 
and  blacklisted  rogues  and  customized 
access  for  employees,  remote  VPN  users, 
contractors  and  visitors. 


HOST  INTEGRITY  CHECK 

©Ensure  end-point  compliance  with 
policy:  Up-to-date  and  active 
antivirus,  compliant  operating  system 
with  critical  patches. 


ROLE-BASED  ACCESS 

Profile  controlled  acces  to  different 
areas  of  your  network:  Role-based 
access  to  enterprise  resources  and 
information. 


ANOMALY  DETECTION 

Detect  and  prevent  attacks: 
Signature-based  and 
inspection,  live  security  dashboards  for 
authentication  failures,  policy  incidents 
and  awareness. 


QUARANTINE  &  REMEDIATION 

Identify  and  isolate  security  policy 
violators:  Customizable  quarantine 
enforcement  on  the  network  edge,  and 
automated  remediation  and  restoration  to 
network  when  clean. 


MONITORING  AND  COMPLIANCE 

Meet  compliance  requirements: 
User  aware  security  management, 
network  monitoring,  incident  capture, 
extensive  logging  of  network  access  and 
activity,  and  reporting. 


Learn  more  online:  www.alcatel-lucent.com/security 


THE  BEST  OFFENSE 
AGAINST  ROGUE  APs  IS 
A  SUPERIOR  DEFENSE. 

SO  WE  TEAMED  UP  WITH 
THE  BEST. 


)  Motorola  and  AirDefense  have  come  together 
to  secure  your  wireless  enterprise. 


You  know  rogue  APs  are  out  there  -  providing  an  open  door  to  access  your  wireless  enterprise  and  exposing 
precious  data  assets  to  theft  and  misuse  -  but  they're  nearly  impossible  to  distinguish  from  the  thousands  of 
legitimate  neighboring  APs.  Fortunately,  Motorola  and  AirDefense  have  officially  joined  forces  after  a  long  and 
successful  partnership.  That  means  one  call  is  all  it  takes  to  do  what  no  other  security  provider  can:  automatically 
identify  and  exterminate  the  rogue  APs  threatening  your  wireless  enterprise  -  regardless  of  hardware  platform. 

See  how  the  Motorola  AirDefense  Solution  can  help  secure  your  wireless  enterprise. 
Call  (866)  611-9337  or  visit  motorola.com/airdefense 
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